CVE-2021-43080

Severity: 5.4 MEDIUM
EPSS: 0.4% (top 36.35%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 6; latest update Sep 7

Description

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.1 | Impact: 2.5

Affected Packages (2 packages)

NVD: fortinet/fortios 6.4.0 6.4.10 +2
CVEListV5: fortinet/fortinet_fortios FortiOS 7.2.0, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0

🔴 Vulnerability Details (2)

GHSA
GHSA-9rfg-v9qp-56r5: An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7 (2022-09-07)
CVEList
CVE-2021-43080: An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7 (2022-09-06)

📋 Vendor Advisories (1)

Fortinet
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version... (2022-09-06)