An improper neutralization of input vulnerability in the FortiGateCloud login page may allow a remote unauthenticated attacker to perform a reflected cross site scripting attack (XSS) via a specifically crafted login request.
Affected ProductsFortiGateCloud version 4.4
SolutionsFixed in FortiGateCloud version 20.1. Starting in 2020, FortiGateCloud will employ a new version syntax.
Fortinet is pleased to thank Johnatan Camargo fromÂ PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.