FortiADC - Stored XSS vulnerability in external resource page
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-22-314
Final
1
1
2022-11-01T00:00:00
Current version
2022-11-01T00:00:00
2022-11-01T00:00:00
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address.
None
Execute unauthorized code or commands
FortiADC 7.1.0
FortiADC - Stored XSS vulnerability in external resource page
CVE-2022-35851
FortiADC-7.1.0
7.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:U/RC:R
https://fortiguard.fortinet.com/psirt/FG-IR-22-314
FortiADC - Stored XSS vulnerability in external resource page
Reference>