Reflected Cross-Site Scripting Vulnerability in FortiWeb's Web Interface
CVE-2022-43955
8HIGH
What is CVE-2022-43955?
An improper neutralization of input in the FortiWeb web interface versions ranging from 7.0.0 to 7.0.3, and in various 6.xx and 5.xx releases, can allow unauthenticated remote attackers to execute reflected cross-site scripting (XSS) attacks. This is achieved by injecting malicious payloads into log entries that the application uses to generate reports, which can be exploited during the web page generation process, posing significant risks to the security of users interacting with the affected system.
Affected Version(s)
FortiWeb 7.0.0 <= 7.0.3
FortiWeb 6.4.0 <= 6.4.2
FortiWeb 6.3.0 <= 6.3.21