CVE-2022-43955: Cross-site Scripting in Fortinet FortiWeb

Severity
NVD: 6.1 MEDIUM | CNA: 8.8
EPSS: 0.4% (top 36.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 11, 2023

Description

An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack by injecting a malicious payload into log entries that are used to build reports.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

Source | Package | From | To | Additional ranges
NVD | fortinet/fortiweb | 6.3.0 | 6.3.22 | +3
CVEListV5 | fortinet/fortiweb | 7.0.0 | 7.0.3 | +5

Vulnerability Details (2)

CVEList: CVE-2022-43955: An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7... (2023-04-11)
GHSA: GHSA-hmx7-jfhv-cvpp: An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7... (2023-04-11)

Vendor Advisories (1)

Fortinet: An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0... (2023-04-11)
CVE-2022-43955 — Cross-site Scripting in Fortinet | cvebase