Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-43955

An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.

Published

2023-04-11T17:15:07.907

Last Modified

2024-11-21T07:27:24.650

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortiweb	≤ 6.2.7	Yes
Application	fortinet	fortiweb	< 6.3.22	Yes
Application	fortinet	fortiweb	≤ 6.4.2	Yes
Application	fortinet	fortiweb	< 7.0.4	Yes

References

https://fortiguard.com/psirt/FG-IR-22-428 Vendor Advisory ([email protected])
https://fortiguard.com/psirt/FG-IR-22-428 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)