CVE-2022-38374
published 2022-11-02CVE-2022-38374: A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortiadc | — | — |
| fortinet | fortiadc | >= 6.2.0 < 6.2.4 | 6.2.4 |
| fortinet | fortiadc | >= 7.0.0 < 7.0.3 | 7.0.3 |
| fortinet | fortinet | — | — |
| fortinet | fortinet_fortiadc | — | — |