Home
HIGH: 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:X/RC:CDefault status
unaffected
7.4.0
affected
7.2.0 (semver)
affected
7.1.0 (semver)
affected
7.0.0 (semver)
affected
6.2.0 (semver)
affected
6.1.0 (semver)
affected
6.0.0 (semver)
affected
5.4.0 (semver)
affected
5.3.0 (semver)
affected
Description
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests.
Problem types
Execute unauthorized code or commands
Product status
7.4.0
7.2.0 (semver)
7.1.0 (semver)
7.0.0 (semver)
6.2.0 (semver)
6.1.0 (semver)
6.0.0 (semver)
5.4.0 (semver)
5.3.0 (semver)
References
fortiguard.com/psirt/FG-IR-23-216