CVE-2022-29057

Published: Jul 19, 2022Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints.

Affected (10)

Products: Fortinet: Fortiedr

Fortinet

1 product

Fortiedr

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiedr	From 5.0.0 to 5.0.3
Fortinet Fortiedr	Version 4.0.0
Fortinet Fortiedr	Version 5.0.3
Fortinet Fortiedr	Version 5.0.3 patch1
Fortinet Fortiedr	Version 5.0.3 patch2
Fortinet Fortiedr	Version 5.0.3 patch3
Fortinet Fortiedr	Version 5.0.3 patch4
Fortinet Fortiedr	Version 5.0.3 patch5
Fortinet Fortiedr	Version 5.0.3 patch6
Fortinet Fortiedr	Version 5.1.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://fortiguard.com/psirt/FG-IR-22-077

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-077

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.