PSIRT Advisory

FortiGate SSL VPN web portal login redir XSS vulnerability

Summary

A Cross-site Scripting (XSS) vulnerability in FortiOS SSL-VPN portal may allow an authenticated user to inject arbitrary web code or HTML in the context of the victim's browser via the login redir parameter.

A URL Redirection Attack may also enable an authenticated user to redirect the victim to an arbitrary URL, via the redir parameter.
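The two weaknesses the summary names, an open redirect and reflected XSS through the same redir parameter, are closed by the same pair of checks: accept only a same-origin path as the redirect target, and HTML-escape the value wherever the login page reflects it. The following is an added example in Python; it is not Fortinet's code and not the fix shipped in FortiOS, which the advisory does not describe. The parameter name redir comes from the advisory; the default landing path is an assumption.

```python
from html import escape
from typing import Optional
from urllib.parse import unquote, urlsplit

# Assumed fallback landing page; the advisory does not name the portal's real default.
DEFAULT_TARGET = "/sslvpn/portal.html"


def _is_local_path(value: str) -> bool:
    """True only for an absolute, same-origin path such as /foo?x=1."""
    # "//host" is protocol-relative and would leave the origin.
    if not value.startswith("/") or value.startswith("//"):
        return False
    # Control characters, whitespace and backslashes are normalised by some
    # browsers into a scheme or host separator; reject them outright.
    if any(ord(ch) < 0x20 or ch in " \t\\" for ch in value):
        return False
    parts = urlsplit(value)
    return not parts.scheme and not parts.netloc


def safe_redirect_target(redir: Optional[str], default: str = DEFAULT_TARGET) -> str:
    """Return the redir value if it is a local path, otherwise the default.

    Both the value as received and its percent-decoded form must pass, so a
    double-encoded '%2F%2Fhost' cannot survive a later decoding step.
    """
    if not redir:
        return default
    if _is_local_path(redir) and _is_local_path(unquote(redir)):
        return redir
    return default


def redir_hidden_field(redir: Optional[str]) -> str:
    """Reflect the validated redir value into the login form without XSS.

    html.escape(quote=True) turns <, >, &, " and ' into entities, so the value
    can neither close the attribute nor inject markup into the page.
    """
    target = safe_redirect_target(redir)
    return '<input type="hidden" name="redir" value="%s">' % escape(target, quote=True)
```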

Impact

Cross-site Scripting (XSS), URL Redirection Attack

Affected Products

FortiOS 5.6.0 -> 5.6.2
FortiOS 5.4.0 -> 5.4.6
FortiOS 5.2.0 -> 5.2.12
FortiOS 5.0 and below

Solutions

FortiOS 5.6 branch: Upgrade to 5.6.3
FortiOS 5.4 branch: Upgrade to 5.4.7
FortiOS 5.2 branch: Upgrade to 5.2.13

Acknowledgement

Fortinet is pleased to thank Stefan Viehböck from SEC Consult Vulnerability Lab for reporting this vulnerability under responsible disclosure.