Cross-site Scripting Vulnerability in FortiProxy and FortiOS Products
CVE-2023-29183

7.3HIGH

Key Information:

Vendor: Fortinet
Status: Fortiproxy; FortiOS
Vendor: CVE Published:; 13 September 2023

Summary

An improper neutralization of input during the web page generation process in FortiProxy and FortiOS could allow an authenticated attacker to execute arbitrary JavaScript code. This issue is triggered through manipulated settings in guest management, highlighting the importance of robust input validation to prevent such exploits.

Affected Version(s)

FortiOS 7.2.0 <= 7.2.4

FortiOS 7.0.0 <= 7.0.11

FortiOS 6.4.0 <= 6.4.12

References

https://fortiguard.com/psirt/FG-IR-23-106

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2023
Vulnerability Reserved
Apr 3, 2023