Cross-site Scripting Vulnerability in FortiADC GUI by Fortinet
CVE-2023-37933
8.6 HIGH
Summary
A vulnerability in the FortiADC GUI allows authenticated attackers to exploit improper neutralization of input during web page generation, leading to the potential execution of malicious scripts. This Cross-site Scripting (XSS) vulnerability can be triggered via specially crafted HTTP or HTTPS requests, posing significant risks to the security of web applications. Users are advised to update to the latest versions and follow secure coding practices to mitigate this risk.
Affected Version(s)
FortiADC 7.4.0
FortiADC 7.2.0 through 7.2.1
FortiADC 7.1.0 through 7.1.3
CVSS V3.1
Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved