FortiOS -- XSS vulnerability in the Login page when FortiCloud Sign-in is used

Summary

An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked.
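To make the CWE-79 pattern behind this advisory concrete, the following Python snippet (an added illustration, not FortiOS code and not reconstructed from the affected login page) contrasts a handler that reflects a "redir" value straight into the page with one that first restricts the value to a same-origin absolute path and then HTML-encodes it before use in an attribute. The sample "redir" values and the function names are constructed for the example.

```python
import html
from urllib.parse import urlsplit

# Constructed sample values for a "redir" query parameter (not taken from the advisory).
SAMPLE_REDIRS = {
    "dashboard": "/ng/dashboard",
    "attribute_break": '"><script>alert(1)</script>',
    "scheme": "javascript:alert(1)",
    "protocol_relative": "//evil.example/phish",
}


def vulnerable_render(redir: str) -> str:
    """Reflects 'redir' into the HTML without neutralization: the CWE-79 pattern."""
    return f'<a href="{redir}">Continue</a>'


def safe_redirect_target(redir: str, default: str = "/") -> str:
    """Allow only same-origin, absolute-path targets; anything else falls back to default."""
    if not redir:
        return default
    parts = urlsplit(redir)
    # Reject anything carrying a scheme or host (absolute or protocol-relative URLs).
    if parts.scheme or parts.netloc:
        return default
    # Require a single leading slash; "//" and "/\" are treated as host-relative by browsers.
    if not redir.startswith("/") or redir.startswith("//") or redir.startswith("/\\"):
        return default
    # Control characters and whitespace are tolerated by some URL parsers; refuse them.
    if any(ord(c) < 0x20 or c in " \t\r\n" for c in redir):
        return default
    return redir


def hardened_render(redir: str) -> str:
    """Validate the target, then HTML-encode it so it cannot break out of the attribute."""
    target = safe_redirect_target(redir)
    return f'<a href="{html.escape(target, quote=True)}">Continue</a>'


if __name__ == "__main__":
    for name, value in SAMPLE_REDIRS.items():
        print(f"{name:18} vulnerable: {vulnerable_render(value)}")
        print(f"{name:18} hardened:   {hardened_render(value)}")
```

Validation and output encoding are independent layers: the allow-list keeps the parameter from steering users off the device, and the encoding step keeps any characters that do pass validation from being interpreted as markup.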

Version        Affected               Solution
FortiOS 7.2    7.2.0 through 7.2.3    Upgrade to 7.2.4 or above
FortiOS 7.0    7.0.0 through 7.0.7    Upgrade to 7.0.8 or above

Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool

Disable the "Sign in with FortiCloud" feature using the following CLI commands

config system global
set admin-forticloud-sso-login disable
end

and use another authentication method to log in to the FortiGate.
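A practitioner applying the workaround at scale will want to verify it from configuration backups rather than by eye. The following Python helper is an added example, not a Fortinet tool: it parses the `config system global ... end` block of a FortiOS-style configuration text and reports whether `admin-forticloud-sso-login` is explicitly set to `disable`. The sample configuration excerpts are constructed, and the helper assumes that an absent key means the device default, which it deliberately does not treat as "disabled".

```python
import re

# Constructed FortiOS-style configuration excerpts (not real device output).
SAMPLE_CONFIG_DISABLED = """\
config system global
    set hostname FGT-EXAMPLE
    set admin-forticloud-sso-login disable
end
"""

SAMPLE_CONFIG_ENABLED = """\
config system global
    set admin-forticloud-sso-login enable
end
"""

SAMPLE_CONFIG_UNSET = """\
config system global
    set hostname FGT-EXAMPLE
end
"""


def system_global_settings(config_text: str) -> dict:
    """Return the 'set <key> <value>' pairs found inside 'config system global ... end'."""
    settings = {}
    in_block = False
    depth = 0  # tracks nested config/end pairs so an inner 'end' does not stop parsing
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_block:
            if line == "config system global":
                in_block = True
            continue
        if line.startswith("config "):
            depth += 1
            continue
        if line == "end":
            if depth == 0:
                break
            depth -= 1
            continue
        m = re.match(r"set\s+(\S+)\s+(.*)$", line)
        if m and depth == 0:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings


def forticloud_sso_login_disabled(config_text: str) -> bool:
    """True only when admin-forticloud-sso-login is explicitly 'disable'.

    Assumption: a missing key means the device default applies, and this check
    does not assume that default is 'disable', so it reports False in that case.
    """
    value = system_global_settings(config_text).get("admin-forticloud-sso-login")
    return value == "disable"


if __name__ == "__main__":
    for label, text in [("disabled", SAMPLE_CONFIG_DISABLED),
                        ("enabled", SAMPLE_CONFIG_ENABLED),
                        ("unset", SAMPLE_CONFIG_UNSET)]:
        print(f"{label:9} workaround applied: {forticloud_sso_login_disabled(text)}")
```

Treating the unset case as "not applied" keeps the check conservative: a device that has never had the setting touched is flagged for review instead of being silently counted as mitigated.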

Acknowledgement

Fortinet is pleased to thank Gabriel Ottoboni for reporting this vulnerability under responsible disclosure.