| IR Number | FG-IR-22-428 |
| Date | Apr 11, 2023 |
| Component | GUI |
| Severity |
High |
| CVSSv3 Score | 8 |
| Impact | Execute unauthorized code or commands |
| CVE ID | CVE-2022-43955 |
| Affected Products |
FortiWeb
:
7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.3.21, 6.3.20, 6.3.19, 6.3.18, 6.3.17, 6.3.16, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.8, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.4, 6.1.3, 6.1.2, 6.1.1, 6.1.0, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0
|
| CVRF | Download |
Refine Search
PSIRT Advisories
FortiWeb - XSS vulnerability in HTML generated attack report files
Summary
An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.
Affected Products
FortiWeb version 7.0.0 through 7.0.3
FortiWeb 6.4 all versions
FortiWeb version 6.3.0 through 6.3.21
FortiWeb version 6.2 all versions
FortiWeb version 6.1 all versions
FortiWeb version 6.0 all versions
Solutions
Please upgrade to FortiWeb version 7.2.0 or abovePlease upgrade to FortiWeb version 7.0.4 or above
Please upgrade to FortiWeb version 6.3.22 or above