CVE-2022-43955

CVE Database · CVE-2022-43955

CVE-2022-43955

· HIGHModified

CVSS v3.1

8.8

EPSS

0.64%

Published

Apr 11, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-79CWE-79

Affected Products (4)

fortinet · fortiwebvulnerable

fortinet · fortiweb (up to 6.3.22)vulnerable

fortinet · fortiwebvulnerable

fortinet · fortiweb (up to 7.0.4)vulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-22-428

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-428

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs