| IR Number | FG-IR-22-166 |
| Date | Feb 16, 2023 |
| Severity |
Medium |
| CVSSv3 Score | 6.5 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2022-30304 |
| Affected Products |
FortiAnalyzer
:
7.2.1, 7.2.0, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.9, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.10, 6.2.1, 6.2.0, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.11, 6.0.10, 6.0.1, 6.0.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiAnalyzer - XSS vulnerability due to AngularJS Client-Side Template injection
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer.
Affected Products
FortiAnalyzer version 7.2.0 through 7.2.1.
FortiAnalyzer version 7.0.0 through 7.0.4
FortiAnalyzer version 6.4.0 through 6.4.8
FortiAnalyzer version 6.2.0 through 6.2.9
FortiAnalyzer version 6.0.0 through 6.0.11
Solutions
Please upgrade to FortiAnalyzer version 7.2.2 or above
Please upgrade to FortiAnalyzer version 7.0.5 or above
Please upgrade to FortiAnalyzer version 6.4.9 or above