CVE-2015-3612: 
Fortinet FortiManager vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability was identified in FortiManager versions 5.2.1 and earlier, as well as versions 5.0.10 and earlier. The vulnerability exists via an unspecified parameter in the FortiWeb auto update service page (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. Under CVSS v2.0, it received a base score of 3.5 (Low) with vector (AV:N/AC:M/Au:S/C:N/I:P/A:N). The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD).

The Cross-site Scripting vulnerability could allow attackers to inject malicious scripts that would execute in the context of the user's browser session. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions performed in the context of the authenticated user (NVD).

Users should upgrade to versions newer than FortiManager 5.2.1 or 5.0.10 to address this vulnerability. The issue has been addressed in subsequent releases (Fortiguard Advisory).