Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-22-260 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 04:07
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. |
27 Feb 2023, 18:17
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Fortinet
Fortinet fortinac |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
| CWE | CWE-79 | |
| References | (MISC) https://fortiguard.com/psirt/FG-IR-22-260 - Patch, Vendor Advisory | |
| CPE | cpe:2.3:a:fortinet:fortinac:9.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortinac:9.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:* |
16 Feb 2023, 19:39
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-02-16 19:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-22638
Mitre link : CVE-2023-22638
CVE.ORG link : CVE-2023-22638
JSON object : View
Products Affected
fortinet
- fortinac
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')