Cross Site Scripting Vulnerability in FortiNAC by Fortinet
CVE-2024-31488
9CRITICAL
Summary
This vulnerability arises from the improper handling of user inputs during the generation of web pages in FortiNAC. It allows remote authenticated attackers to execute stored and reflected cross-site scripting (XSS) attacks through specially crafted HTTP requests, potentially compromising the integrity and confidentiality of the affected system. Users of FortiNAC versions 7.2.0 to 9.4.4 are particularly at risk, necessitating immediate remediation to protect sensitive information.
Affected Version(s)
FortiNAC 9.4.0 <= 9.4.3
FortiNAC 9.2.0 <= 9.2.8
FortiNAC 9.1.0 <= 9.1.10
References
CVSS V3.1
Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved