VYPR
Unrated severityNVD Advisory· Published Dec 6, 2022· Updated Oct 22, 2024

CVE-2022-40680

CVE-2022-40680

Description

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages.

Affected products

3
  • Fortinet/Fortiosllm-fuzzy2 versions
    >=6.0.7 <=6.0.15, >=6.2.2 <=6.2.12, >=6.4.0 <=6.4.9, >=7.0.0 <=7.0.3+ 1 more
    • (no CPE)range: >=6.0.7 <=6.0.15, >=6.2.2 <=6.2.12, >=6.4.0 <=6.4.9, >=7.0.0 <=7.0.3
    • (no CPE)range: 7.0.0
  • Range: 7.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.