VYPR
Unrated severityNVD Advisory· Published Nov 2, 2022· Updated Oct 25, 2024

CVE-2022-38373

CVE-2022-38373

Description

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.

Affected products

2
  • Fortinet/FortiDeceptorllm-fuzzy2 versions
    >=4.0.2, <=4.2.0+ 1 more
    • (no CPE)range: >=4.0.2, <=4.2.0
    • (no CPE)range: FortiDeceptor 4.2.0, 4.1.0 through 4.1.1, 4.0.2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.