CVE-2022-29057 — Cross-site Scripting in Fortinet Fortiedr

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 57.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiedr Fortinet Fortiedr

Timeline

PublishedJul 19

Latest updateJul 20

Description

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortiedr5.0.0 — 5.0.3+3

▶CVEListV5fortinet/fortinet_fortiedrFortiEDR 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.0.0

🔴Vulnerability Details

GHSA

GHSA-87cc-pvcr-mp5p: A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5↗2022-07-20

▶

CVEList

CVE-2022-29057: A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5↗2022-07-18

▶

📋Vendor Advisories

Fortinet

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1...↗2022-07-19

▶