
Description

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0, and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

PUBLISHED Reserved 2021-10-28 | Published 2022-05-11 | Updated 2024-10-22 | Assigner fortinet




MEDIUM: 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:W/RC:X

Problem types

Unauthorized code execution

Product status

FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0.
affected

References

fortiguard.com/psirt/FG-IR-21-230


cve.org (CVE-2021-43081)

nvd.nist.gov (CVE-2021-43081)
