VYPR
Unrated severityNVD Advisory· Published Jan 15, 2025· Updated Feb 4, 2026

CVE-2024-35280

CVE-2024-35280

Description

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions, FortiDeceptor 3.3 all versions, FortiDeceptor 3.2 all versions, FortiDeceptor 3.1 all versions, FortiDeceptor 3.0 all versions may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints

Affected products

2
  • Fortinet/FortiDeceptorcpe-rescue2 versions
    cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*range: 5.3.0
    • (no CPE)range: >=3.0.0, <=5.3.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.