Description

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in the GUI of FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 may allow an authenticated attacker to trigger malicious JavaScript code execution via a crafted guest management setting.

PUBLISHED Reserved 2023-04-03 | Published 2023-09-13 | Updated 2025-12-16 | Assigner fortinet




HIGH: 7.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Problem types

Execute unauthorized code or commands

Product status

FortiProxy

Default status: unaffected

7.2.0 (semver): affected

7.0.0 (semver): affected

FortiOS

Default status: unaffected

7.2.0 (semver): affected

7.0.0 (semver): affected

6.4.0 (semver): affected

6.2.0 (semver): affected

References

fortiguard.com/psirt/FG-IR-23-106

cve.org (CVE-2023-29183)

nvd.nist.gov (CVE-2023-29183)
