A reflected XSS vulnerability exists in the "Login Disclaimer" redir parameter of the FortiOS web GUI. It is potentially exploitable by a remote unauthenticated attacker who sends a maliciously crafted URL to a victim with an open session on the web GUI. Visiting that malicious URL may cause the execution of arbitrary JavaScript code in the security context of the victim's browser.