XSS vulnerability in the URL of the FortiGateCloud Login Page
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-306
Final
1
1
2020-05-25T00:00:00
Current version
2020-05-25T00:00:00
2020-05-25T00:00:00
An improper neutralization of input vulnerability in the FortiGateCloud login page may allow a remote unauthenticated attacker to perform a reflected cross-site scripting (XSS) attack via a specifically crafted login request.
Unauthorized code execution
FortiGateCloud version 4.4
Fixed in FortiGateCloud version 20.1. Starting in 2020, FortiGateCloud will employ a new version syntax.
Fortinet is pleased to thank Johnatan Camargo from PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.
FortiCloud 4.4.0
FortiCloud-4.4.0
4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-19-306