FortiOS -- XSS vulnerability in the Login page when FortiCloud Sign-in is used


An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked.

Version Affected Solution
FortiOS 7.2 7.2.0 through 7.2.3 Upgrade to 7.2.4 or above
FortiOS 7.0 7.0.0 through 7.0.7 Upgrade to 7.0.8 or above
Follow the recommended upgrade path using our tool at:

Disable "Sign in with FortiCloud" feature using the below command

config system global
set admin-forticloud-sso-login disable

and use other authentication methods to login to FortiGate.


Fortinet is pleased to thank Gabriel Ottoboni for reporting this vulnerability under responsible disclosure.