PSIRT Advisory

FortiGate SSL VPN web portal login redir XSS vulnerability

Summary

A Cross-site Scripting (XSS) vulnerability in the FortiOS SSL-VPN web portal may allow an authenticated user to inject arbitrary web script or HTML into the login page, which is then executed in the context of the victim's browser, via the login page's redir parameter.

A URL Redirection (open redirect) attack may also allow an authenticated user to send the victim to an arbitrary, attacker-chosen URL via the same redir parameter.
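Both issues come from the same root cause: a redirect target taken from the request is echoed back into the login page and later used as a navigation target without validation. The following is an added illustration, not Fortinet's code and not the FortiOS implementation; the page markup, the parameter name handling and the sample payloads are constructed for the example. It shows the vulnerable reflection pattern beside a hardened version that (a) HTML-escapes the value before it is written into an attribute, which stops the XSS, and (b) restricts the redirect target to a same-origin absolute path, which stops the open redirect.

```python
"""Reflected XSS / open redirect via a "redir" parameter: vulnerable vs hardened.

Added example; the form markup and parameter handling are assumptions made for
illustration and do not describe FortiOS internals.
"""
import html
from urllib.parse import unquote, urlsplit

DEFAULT_LANDING = "/"  # assumed post-login landing page


def render_login_unsafe(redir: str) -> str:
    """Vulnerable pattern: the request-controlled value is written verbatim
    into the page. A value such as '"><script>...' breaks out of the attribute."""
    return (
        '<form action="/remote/logincheck">'
        '<input type="hidden" name="redir" value="' + redir + '">'
        "</form>"
    )


def safe_redir(value: str, default: str = DEFAULT_LANDING) -> str:
    """Return `value` only if it is a same-origin absolute path; otherwise `default`.

    Rejects absolute URLs (http://..., javascript:...), protocol-relative URLs
    (//host), backslash variants (/\\host) that some browsers normalise to //host,
    and any control character (CR/LF header injection, tab-split schemes).
    """
    if not value:
        return default
    v = unquote(value).strip()          # decode exactly once, then validate the decoded form
    if any(ord(c) < 0x20 or c == "\x7f" for c in v):
        return default
    parts = urlsplit(v)
    if parts.scheme or parts.netloc:    # http:, https:, javascript:, data:, //evil
        return default
    if not v.startswith("/") or v.startswith("//") or v.startswith("/\\"):
        return default
    return v


def render_login_safe(redir: str) -> str:
    """Hardened pattern: validate the target, then escape it for an attribute context."""
    target = html.escape(safe_redir(redir), quote=True)
    return (
        '<form action="/remote/logincheck">'
        '<input type="hidden" name="redir" value="' + target + '">'
        "</form>"
    )


def post_login_location(redir: str) -> str:
    """Where the server would send the browser after a successful login."""
    return safe_redir(redir)


if __name__ == "__main__":
    # Constructed sample inputs an attacker might place in a crafted login link.
    samples = [
        "/sslvpn/portal.html",                 # legitimate same-origin path
        '"><script>alert(document.cookie)</script>',
        "https://evil.example/phish",          # open redirect
        "//evil.example/phish",                # protocol-relative open redirect
        "/\\evil.example",                     # backslash variant
        "javascript:alert(1)",
        "%2F%2Fevil.example",                  # URL-encoded //evil.example
    ]
    for s in samples:
        print(f"{s!r:45} -> redirect to {post_login_location(s)!r}")
        print("   unsafe html has <script>:", "<script>" in render_login_unsafe(s))
        print("   safe   html has <script>:", "<script>" in render_login_safe(s))
```

Note that the two controls are independent and both are needed: escaping alone would still let `//evil.example` through as a redirect target, and path validation alone would not stop a payload such as `/"><script>` from breaking out of an attribute if it were written unescaped.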

Impact

Cross-site Scripting (XSS), URL Redirection Attack

Affected Products

FortiOS 5.6.0 -> 5.6.2
FortiOS 5.4.0 -> 5.4.6
FortiOS 5.2.0 -> 5.2.12
FortiOS 5.0 and below

Solutions

FortiOS 5.6 branch: Upgrade to 5.6.3
FortiOS 5.4 branch: Upgrade to 5.4.7
FortiOS 5.2 branch: Upgrade to 5.2.13

Acknowledgement

Fortinet is pleased to thank Stefan Viehböck from SEC Consult Vulnerability Lab for reporting this vulnerability under responsible disclosure.