Reflect XSS through SSL VPN web portal URL param parameter on error page Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-19-034 Final 1 1 2019-08-21T00:00:00 Current version 2019-08-21T00:00:00 2019-08-21T00:00:00 Failure to sanitize input in the SSL VPN web portal may allow an attacker to perform a reflected Cross-site Scripting (XSS) attack via multiple parameters of the error page HTTP request. Execute unauthorized code or commands CVE-2019-5586FortiOS 6.0.0 to 6.0.4FortiOS 5.2.0 to 5.6.10CVE-2019-5588FortiOS 6.0.0 to 6.0.4 Upgrade to FortiOS 5.6.11, 6.0.5 or 6.2.0Workarounds:Disable the SSL-VPN web portal service by applying the following CLI commands:config vpn ssl settingsunset source-interfaceendRevision History:05-24-2019 Initial version08-21-2019 Add 5.6 branch fixing for CVE-2019-5586 Fortinet is pleased to thank Aaron Hall from Verizon Media Group (Oath) for reporting CVE-2019-5586 and Nathan HARDY Cybersecurity Engineer/Consultant at Sogeti Luxembourg for reporting CVE-2019-5588 under responsible disclosures. CVE-2019-5586 CVE-2019-5588 5.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-19-034 Reflect XSS through SSL VPN web portal URL param parameter on error page Reference>