Lucene search

[email protected]NVD:CVE-2022-26114

HistorySep 06, 2022 - 4:15 p.m.

CVE-2022-26114

2022-09-0616:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-26114

fortimail

webmail

cross-site scripting

cwe-79

input neutralization

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

33.2%

JSON

An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.

Affected configurations

Nvd

Node

fortinetfortimailRange<7.2.0

VendorProductVersionCPE
fortinetfortimail*cpe:2.3:a:fortinet:fortimail:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortimail	*	cpe:2.3:a:fortinet:fortimail::::::::

References

fortiguard.com/psirt/FG-IR-21-045

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

33.2%

JSON

Related for NVD:CVE-2022-26114

cvelist1 cve1 prion1 fortinet1