XSS vulnerability in the URL of the FortiGateCloud Login Page


An improper neutralization of input vulnerability in the FortiGateCloud login page may allow a remote unauthenticated attacker to perform a reflected cross site scripting attack (XSS) via a specifically crafted login request.

Affected Products

FortiGateCloud version 4.4


Fixed in FortiGateCloud version 20.1. Starting in 2020, FortiGateCloud will employ a new version syntax.


Fortinet is pleased to thank Johnatan Camargo from  PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.