
Description

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in the reboot page of FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.

PUBLISHED Reserved 2024-01-11 | Published 2024-06-11 | Updated 2025-08-27 | Assigner fortinet




MEDIUM: 6.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Problem types

Execute unauthorized code or commands

Product status

Default status
unaffected

7.4.0 (semver)
affected

7.2.0 (semver)
affected

7.0.0 (semver)
affected

Default status
unaffected

7.4.0 (semver)
affected

7.2.0 (semver)
affected

7.0.0 (semver)
affected

References

fortiguard.fortinet.com/psirt/FG-IR-23-471

cve.org (CVE-2024-23111)

nvd.nist.gov (CVE-2024-23111)
