Fortiguard

FortiNAC - Multiple reflected cross-site scripting vulnerabilities in portal UI

Summary

Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiNAC portal UI may allow an attacker to perform an XSS attack via crafted HTTP requests.

Affected Products

FortiNAC version 9.4.0 through 9.4.1
FortiNAC 9.2 all versions
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
FortiNAC 8.6 all versions

Solutions

Please upgrade to FortiNAC version 7.2F or above
Please upgrade to FortiNAC version 9.4.2 or above

Acknowledgement

Internally discovered and reported by Théo Leleu of Fortinet Product Security team.

IR Number	FG-IR-22-273
Date	Feb 16, 2023
Severity	Medium
CVSSv3 Score	5.8
Impact	Execute unauthorized code or commands
CVE ID	CVE-2022-38376
CVRF	Download

Network

Files and Endpoint

Application

Additional SOC Services

PSIRT Advisories

FortiNAC - Multiple reflected cross-site scripting vulnerabilities in portal UI

Summary

Affected Products

Solutions

Acknowledgement

News / Research

Network

Files and Endpoint

Application

Additional SOC Services

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer

FortiCWP

FortiWeb

FortiNDR

FortiSandBox

FortiTester

Threat Lookup

PSIRT

Resources

PSIRT Advisories

FortiNAC - Multiple reflected cross-site scripting vulnerabilities in portal UI

Summary

Affected Products

Solutions

Acknowledgement