PSIRT Advisory

FortiOS open redirect vulnerability

Summary

The FortiOS webui accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. The redirect input parameter is also prone to a cross site scripting.

Impact

Open redirect

Acknowledgement

Fortinet is pleased to thanks to Javier Nieto from www.behindthefirewalls.com for reporting a FortiOS vulnerability under responsible disclosure