Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. versions 6.4.1 and earlier and 6.3.15 and earlier contain a cross-site scripting vulnerability that could be exploited by an attacker to execute unauthorized code or commands via a crafted HTTP request to a SAML login handler.