Stored Cross-Site Scripting Vulnerability in FortiWAN by Fortinet
CVE-2021-32585

7.2HIGH

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiwan
Vendor: CVE Published:; 6 April 2022

What is CVE-2021-32585?

An input validation flaw in FortiWAN prior to version 4.5.9 allows attackers to inject malicious scripts into web pages through specially crafted HTTP requests. This vulnerability can lead to stored cross-site scripting attacks, compromising user data and overall web application security. Implementing proper input sanitization and updating to the latest version is essential to mitigate this risk.

Affected Version(s)

Fortinet FortiWAN FortiWAN before 4.5.9

References

https://fortiguard.com/psirt/FG-IR-21-078

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2022
Vulnerability Reserved
May 11, 2021