CVE-2021-22122
Published: 2021-02-08
Priority: P1 · 81 · Medium · 6.1 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Tags: ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 10.52% (95.2th percentile)
An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet_fortiweb | — | — |
| fortinet | fortiweb | <= 6.2.3 | — |
| fortinet | fortiweb | — | — |
| fortinet | fortiweb | 6.3.0 – 6.3.7 | — |
Detection & IOCs (extracted from sources)
- URL: /error3?msg=30&data=';alert('document.domain');//
- Detect exploitation attempts against the /error3 endpoint by looking for XSS payload patterns in the 'data' query parameter (e.g., script injection with alert or document.domain).
- Confirm exploitation by checking the HTTP response body for both the injected payload string and the string 'No policy has been chosen.' simultaneously (AND condition).
- Use Shodan, FOFA, or Google dorks to identify exposed FortiWeb instances as potential targets: shodan-query 'http.title:"fortiweb - "', fofa-query 'title="fortiweb - "', google-query 'intitle:"fortiweb - "'.
- The vulnerability is an unauthenticated, reflected XSS; no authentication is required to exploit the vulnerable API endpoints, meaning any unauthenticated remote attacker can trigger it.
- Affected versions are FortiWeb 6.3.0 through 6.3.7 and all versions before 6.2.4; detections should be scoped to these version ranges.
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| VulnCheck | — | 6.1 | MEDIUM | — |
GHSA
GHSA-6xx4-8wj3-477v · ghsa_unreviewed · 2022-05-24 · CVE-2021-22122 [MEDIUM] · CWE-79
Description: identical to the CVE description above.
VulnCheck
Fortinet FortiWeb Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') · vulncheck · 2021 · CVSS 6.1 · CVE-2021-22122 [MEDIUM]
Description: identical to the CVE description above.
Affected: Fortinet FortiWeb
Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation references: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2021-22122; https://dashboard.shadowserver.org/statisti
Fortinet
FG-IR-20-122 · vendor_fortinet · 2021-02-08 · CVSS 6.1 · CVE-2021-22122 [MEDIUM] · CWE-79
Description: identical to the CVE description above.
CVEs: CVE-2021-22122
CWEs: CWE-79
CVSS: 6.1 (medium)
Affected products: FortiWeb
No detection rules found.
Nuclei
FortiWeb - Cross Site Scripting · nuclei · CVSS 6.1 · CVE-2021-22122 [MEDIUM]
FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.
Template:

```yaml
id: CVE-2021-22122

info:
  name: FortiWeb - Cross Site Scripting
  author: dwisiswant0
  severity: medium
  description: |
    FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.
  impact: |
    Successful exploitation of this vulnerability can result in the compromise of sensitive user informat
```
No writeups or analysis indexed.
Timeline: 2021-02-08 Published · Exploited in the wild