CVE-2022-23438

Severity
6.1 MEDIUM
EPSS
0.6%
top 30.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 18
Latest update: Jul 19

Description

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.6 | Impact: 2.7

Affected Packages (2 packages)

NVD | fortinet/fortios | 7.0.0 to 7.0.5 (+1 more range)
CVEListV5 | fortinet/fortinet_fortios | FortiOS 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0

Vulnerability Details (2)
GHSA
GHSA-j64m-j3jq-cvj5: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7 (2022-07-19)
CVEList
CVE-2022-23438: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7 (2022-07-18)

Vendor Advisories (1)
Fortinet
XSS vulnerability observed in the authentication replacement pages (2022-07-18)