Cross-Site Scripting Vulnerability in FortiADC by Fortinet
CVE-2022-43952

3.3 LOW

Key Information:

Vendor: Fortinet
Status: Vendor
CVE Published: 11 April 2023

Summary

An improper neutralization of input during web page generation vulnerability exists in FortiADC versions 7.1.1 and below, 7.0.3 and below, and 6.2.5 and below. An authenticated attacker may be able to carry out a cross-site scripting (XSS) attack via specially crafted HTTP requests, potentially allowing them to manipulate the behavior of web pages viewed by other users.

Affected Version(s)

FortiADC 7.1.0 <= 7.1.1

FortiADC 7.0.0 <= 7.0.3

FortiADC 6.2.0 <= 6.2.5

CVSS V3.1

Score: 3.3
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
