CVE-2023-22638

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.7%

top 28.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortinac

Timeline

PublishedFeb 16

Description

Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5fortinet/fortinac9.4.0 — 9.4.1+7

▶NVDfortinet/fortinac8.5.0 — 8.5.4+8

Patches

Patch: fortiguard.com ↗Patch: fortiguard.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-22638: Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9↗2023-02-16

▶

GHSA

GHSA-2gg9-87cr-qr23: Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9↗2023-02-16

▶

📋Vendor Advisories

Fortinet

Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below...↗2023-02-16

▶