FortiMail reflected XSS vulnerability under customized webmail login page
Cross-site scripting (XSS)
FortiMail 5.2.0 -> 5.2.9
FortiMail 5.3.0 -> 5.3.9
FortiMail 5.1 and below.
FortiMail 5.2 branch, upgrade to 5.2.10 or above.
FortiMail 5.3 branch, upgrade to 5.3.10 or above.
FortiMail 5.4 branch, not impacted.
FortiMail 5.1 and below, use the system default login portal instead of a customized webmail login portal.
Fortinet is pleased to thank Silas Aitchison for reporting this vulnerability under responsible disclosure.