FortiOS reflected XSS in the SSL VPN web portal error page parameters
Failure to sanitize input in the SSL VPN web portal may allow an attacker to perform a reflected Cross-site Scripting (XSS) attack via multiple parameters of the error page HTTP request.
Cross-site Scripting (XSS)
CVE-2019-5586: FortiOS 5.2.0 to 6.0.4
CVE-2019-5588: FortiOS 6.0.0 to 6.0.4
Upgrade to FortiOS 6.0.5 or 6.2.0
Disable the SSL-VPN web portal service by applying the following CLI commands:
config vpn ssl settings
Fortinet is pleased to thank Aaron Hall from Verizon Media Group (Oath) for reporting CVE-2019-5586, and Nathan Hardy, Cybersecurity Engineer/Consultant at Sogeti Luxembourg, for reporting CVE-2019-5588 under responsible disclosure.