PSIRT Advisory

Multiple Cross Site Scripting on FortiCloud Web Interface Login

Summary

Before August, 2018, parameters at /loginmgrlogin in forticloud.com were vulnerable to a Cross-Site Scripting (XSS) attack.

Impact

Cross-site Scripting (XSS)

Affected Products

FortiCloud 3.2.1 and below (before August, 2018)

Solutions

FortiCloud 3.3.0 (online since August, 2018)

Acknowledgement

Fortinet is pleased to thank Donato Onofri of Business Integration Partners for reporting this vulnerability under responsible disclosure.