| IR Number | FG-IR-22-331 |
| Date | Nov 1, 2022 |
| Severity |
High |
| CVSSv3 Score | 7.3 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2022-38373 |
| Affected Products |
FortiDeceptor
:
4.2.0, 4.1.1, 4.1.0, 4.0.2
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiDeceptor - Reflected XSS vulnerability on Lure Resources page
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.
Affected Products
FortiDeceptor version 4.2.0FortiDeceptor version 4.1.0 through 4.1.1
FortiDeceptor version 4.0.2
Solutions
Please upgrade to FortiDeceptor version 4.3.0 or abovePlease upgrade to FortiDeceptor version 4.2.1 or above
Please upgrade to FortiDeceptor version 4.1.2 or above
Please upgrade to FortiDeceptor version 4.0.3 or above