CVE-2022-41334
published 2023-02-16CVE-2022-41334: An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticloud | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | 7.0.0 – 7.0.7 | — |
| fortinet | fortios | 7.2.0 – 7.2.3 | — |