Unrated severityNVD Advisory· Published Nov 2, 2022· Updated Oct 25, 2024
CVE-2022-38373
CVE-2022-38373
Description
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.
Affected products
2>=4.0.2, <=4.2.0+ 1 more
- (no CPE)range: >=4.0.2, <=4.2.0
- (no CPE)range: FortiDeceptor 4.2.0, 4.1.0 through 4.1.1, 4.0.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.