Cross-Site Scripting Vulnerability in Fortinet FortiEDR
CVE-2022-29057
5.4 MEDIUM
Summary
Fortinet's FortiEDR handles user input improperly during web page generation. This flaw allows a remote, authenticated attacker to execute a reflected cross-site scripting attack. By injecting malicious payloads into various endpoints of the Management Console, the attacker can manipulate user sessions, redirect users to harmful sites, or steal sensitive data. The issue affects specific versions of FortiEDR, so affected installations should be patched promptly.
Affected Version(s)
Fortinet FortiEDR 5.0.3, 5.0.2, 5.0.1, 5.0.0, 4.0.0
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved