CVE-2022-41330 — Cross-site Scripting in Fortinet Fortios

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

CNA8.8

EPSS

2.1%

top 15.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios Fortinet Fortiproxy

Timeline

PublishedApr 11

Description

An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDfortinet/fortios6.2.0 — 6.2.13+3

▶NVDfortinet/fortiproxy7.0.0 — 7.0.8+1

▶CVEListV5fortinet/fortios7.2.0 — 7.2.3+3

▶CVEListV5fortinet/fortiproxy7.2.0 — 7.2.1+1

🔴Vulnerability Details

GHSA

GHSA-p982-cmx8-62xh: An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7↗2023-04-11

▶

CVEList

CVE-2022-41330: An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7↗2023-04-11

▶

📋Vendor Advisories

Fortinet

Cross Site Scripting vulnerabilities in administrative interface↗2023-04-11

▶