A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
https://www.exploit-db.com/exploits/42388/
https://fortiguard.com/advisory/FG-IR-17-104