CVE-2021-36188
Severity
6.1MEDIUM
EPSS
0.4%
top 40.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 8
Latest updateDec 9
Description
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages2 packages
▶CVEListV5fortinet/fortinet_fortiwebFortiWeb 6.4.1, 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
🔴Vulnerability Details
2GHSA▶
GHSA-fjf7-cx66-jx8m: A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6↗2021-12-09
CVEList▶
CVE-2021-36188: A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6↗2021-12-08
📋Vendor Advisories
1Fortinet▶
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4...↗2021-12-08