CVE-2022-43952 — Cross-site Scripting in Fortinet Fortiadc

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

CNA3.5

EPSS

0.4%

top 41.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortiadc

Timeline

PublishedApr 11

Description

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortiadc6.2.0 — 6.2.6+2

▶CVEListV5fortinet/fortiadc7.1.0 — 7.1.1+2

🔴Vulnerability Details

GHSA

GHSA-g982-q57c-wm6f: An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7↗2023-04-11

▶

CVEList

CVE-2022-43952: An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7↗2023-04-11

▶

📋Vendor Advisories

Fortinet

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiA...↗2023-04-11

▶