Prior to version 5.0.7, the Web User Interface of FortiManager and FortiAnalyzer is vulnerable to multiple reflected Cross-Site Scripting vulnerabilities.
A remote unauthenticated attacker may be able to execute arbitrary scripts in the context of an authenticated user's browser session.
FortiManager and FortiAnalyzer < version 5.0.7
Upgrade to 5.0.7 or above.
Oded Vanunu & Adi Volkovitz, Check Point Security Research Team.