Lucene search

[email protected]NVD:CVE-2022-41334

HistoryFeb 16, 2023 - 7:15 p.m.

CVE-2022-41334

2023-02-1619:15:13

CWE-79

[email protected]

web.nvd.nist.gov

fortios

input handling

xss

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

49.8%

JSON

An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the “redir” parameter of the URL seen when the “Sign in with FortiCloud” button is clicked.

Affected configurations

Nvd

Node

fortinetfortiosRange7.0.0–7.0.7

fortinetfortiosRange7.2.0–7.2.3

VendorProductVersionCPE
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	*	cpe:2.3:o:fortinet:fortios::::::::

References

fortiguard.com/psirt/FG-IR-22-224

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

8.2

Confidence

High

EPSS

0.001

Percentile

49.8%

JSON

Related for NVD:CVE-2022-41334

cve1 cvelist1 prion1 nessus1 fortinet1 ics1