CVE-2022-38374 — Cross-site Scripting in Fortinet Fortiadc

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

CNA8.8

EPSS

16.7%

top 5.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiadc Fortinet Fortiadc

Timeline

PublishedNov 2

Description

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortiadc6.2.0 — 6.2.4+1

▶CVEListV5fortinet/fortinet_fortiadcFortiADC 7.0.2, 7.0.1, 7.0.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0

🔴Vulnerability Details

CVEList

CVE-2022-38374: A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7↗2022-11-02

▶

GHSA

GHSA-4h7x-gvv2-wxvc: A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7↗2022-11-02

▶

📋Vendor Advisories

Fortinet

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0...↗2022-11-02

▶