XSS vulnerability in the URL of the FortiGateCloud Login Page
An improper neutralization of input vulnerability in the FortiGateCloud login page may allow a remote unauthenticated attacker to perform a reflected cross site scripting attack (XSS) via a specifically crafted login request.
Unauthorized code execution
FortiGateCloud version 4.4
Fixed in FortiGateCloud version 20.1. Starting in 2020, FortiGateCloud will employ a new version syntax.
Fortinet is pleased to thank Johnatan Camargo from PBI | Dynamic IT Security for reporting this vulnerability under responsible disclosure.