CVE-2017-7732 FortiMail XSS Vulnerability under customized webmail login page Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-17-099 Final 1 1 2017-10-13T00:00:00 Current version 2017-10-13T00:00:00 2017-10-13T00:00:00 There exists a reflected cross-site scripting (XSS) vulnerability on FortiMail customized pre-authentication webmail login page, allowing successful attackers to run arbitrary javascript code in the security context of their victim's browser. Execute unauthorized code or commands FortiMail 5.2.0 -> 5.2.9FortiMail 5.3.0 -> 5.3.9FortiMail 5.1 and below. FortiMail 5.2 branch, upgrade to 5.2.10 or above.FortiMail 5.3 branch, upgrade to 5.3.10 or aboveFortiMail 5.4 branch, not impacted.FortiMail 5.1 and below, use the system default login portal instead of a customized webmail login portal. Fortinet is pleased to thank Silas Aitchison for reporting this vulnerability under responsible disclosure. CVE-2017-7732 0 https://fortiguard.fortinet.com/psirt/FG-IR-17-099 CVE-2017-7732 FortiMail XSS Vulnerability under customized webmail login page Reference>