PSIRT Advisory

FortiCloud XSS vulnerability in on-demand sandbox GUI

Summary

Before Dec 5th, 2017, a Cross-Site Scripting (XSS) vulnerability in the forticloud.com on-demand sandbox GUI may have allowed an authenticated user to inject arbitrary web code or HTML in the context of the victim's browser via the upload of a maliciously crafted file.

Impact

Cross-site Scripting (XSS)

Acknowledgement

Fortinet is pleased to thank Mohamed KEFFOUS of SOGETI for reporting this vulnerability under responsible disclosure.