CVE-2023-22637
Severity
9.0 CRITICAL
EPSS
0.7%
top 29.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 3
Latest update: May 4
Description
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Exploitability: 0.6 | Impact: 5.9
Affected Packages
3 packages
Vulnerability Details (2)
GHSA
GHSA-fjx8-gmr3-vg45: An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7 (2023-05-04)
CVEList
CVE-2023-22637: An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7 (2023-05-03)
Vendor Advisories (1)
Fortinet
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiN... (2023-05-03)