A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-281 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Mar 2023, 15:29
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://fortiguard.com/psirt/FG-IR-22-281 - Vendor Advisory | |
CPE | cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:* |
|
First Time |
Fortinet
Fortinet fortinac |
|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
07 Mar 2023, 17:55
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-07 17:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-40676
Mitre link : CVE-2022-40676
CVE.ORG link : CVE-2022-40676
JSON object : View
Products Affected
fortinet
- fortinac
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')