During the scan, Kayran managed to find a Cross-site Scripting (CVE-2017-14186) vulnerability.
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below.
Due to failure in sanitizing the login redir parameter in the SSL-VPN web portal.
An attacker could inject arbitrary web scripts or HTML in the context of the victim’s browser.
A URL Redirection attack can also be achieved by injecting an external URL via the affected parameter.
Update to the latest version released by Fortinet.
You may use the link below in order to do that.