VYPR
Unrated severityNVD Advisory· Published Feb 24, 2022· Updated Oct 22, 2024

CVE-2021-26092

CVE-2021-26092

Description

Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.

Affected products

3
  • Fortinet/Fortiproxyllm-fuzzy2 versions
    1.2.0 through 1.2.9, 2.0.0 through 2.0.1+ 1 more
    • (no CPE)range: 1.2.0 through 1.2.9, 2.0.0 through 2.0.1
    • (no CPE)range: FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1
  • Fortinet/Fortiosllm-fuzzy
    Range: 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.