Fortigate firewall pre 2.50 maintenance release 4 allows a remote attacker to inject hostile code into an administrative interface. This vulnerability, used in conjunction with the fact that the username and MD5 hash of the user’s password are stored in a cookie, allows a remote attacker to trick an administrator into giving up their credentials.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/32178/fortigate2.txt
Source: https://packetstormsecurity.com/files/32178/fortigate2.txt.html