VYPR
Unrated severityNVD Advisory· Published Apr 11, 2023· Updated Oct 23, 2024

CVE-2022-43955

CVE-2022-43955

Description

An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.

Affected products

2
  • Fortinet/Fortiwebllm-fuzzy2 versions
    >=7.0.0 <=7.0.3, >=6.3.0 <=6.3.21, 6.4 all, 6.2 all, 6.1 all, 6.0 all+ 1 more
    • (no CPE)range: >=7.0.0 <=7.0.3, >=6.3.0 <=6.3.21, 6.4 all, 6.2 all, 6.1 all, 6.0 all
    • (no CPE)range: 7.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.