FortiMail reflected XSS vulnerability under customized webmail login page
FortiMail 5.2.0 -> 5.2.9
FortiMail 5.3.0 -> 5.3.9
FortiMail 5.1 and below.
FortiMail 5.2 branch, upgrade to 5.2.10 or above.
FortiMail 5.3 branch, upgrade to 5.3.10 or above.
FortiMail 5.4 branch, not impacted.
FortiMail 5.1 and below, use the system default login portal instead of a customized webmail login portal.
Fortinet is pleased to thank Silas Aitchison for reporting this vulnerability under responsible disclosure.