Multiple Cross Site Scripting on FortiCloud Web Interface Login
Before August, 2018, parameters at /loginmgrlogin in forticloud.com were vulnerable to a Cross-Site-Scripting (XSS) attack.
FortiCloud 3.2.1 and below (before August, 2018)
FortiCloud 3.3.0 (online since August, 2018)
Fortinet is pleased to thank Donato Onofri of Business Integration Partners reporting this vulnerability under responsible disclosure.