CVE-2024-23111 | THREATINT

Description

An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.

PUBLISHED Reserved 2024-01-11 | Published 2024-06-11 | Updated 2025-08-27 | Assigner fortinet

MEDIUM: 6.2CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Problem types

Execute unauthorized code or commands

Product status

Default status

unaffected

7.4.0

affected

7.2.0

affected

7.0.0

affected

Default status

unaffected

7.4.0

affected

7.2.0

affected

7.0.0

affected

References

fortiguard.fortinet.com/psirt/FG-IR-23-471

cve.org (CVE-2024-23111)

nvd.nist.gov (CVE-2024-23111)

Download JSON

help @ threatint.eu