Unrated severityNVD Advisory· Published Jan 15, 2025· Updated Feb 4, 2026
CVE-2024-35280
CVE-2024-35280
Description
A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions, FortiDeceptor 3.3 all versions, FortiDeceptor 3.2 all versions, FortiDeceptor 3.1 all versions, FortiDeceptor 3.0 all versions may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints
Affected products
2cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*range: 5.3.0
- (no CPE)range: >=3.0.0, <=5.3.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.