PSIRT Advisory

FortiOS open redirect vulnerability


The FortiOS webui accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. The redirect input parameter is also prone to a cross site scripting.


Open redirect


Fortinet is pleased to thanks to Javier Nieto from for reporting a FortiOS vulnerability under responsible disclosure