Lucene search

FortinetCVELIST:CVE-2021-43081

HistoryMay 11, 2022 - 2:30 p.m.

CVE-2021-43081

2022-05-1114:30:18

fortinet

www.cve.org

improper input neutralization

web page generation

cwe-79

fortios

fortiproxy

xss attack

http get requests

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/RL:W

EPSS

0.001

Percentile

38.5%

JSON

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

CNA Affected

[
  {
    "product": "Fortinet FortiProxy",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0."
      }
    ]
  }
]

References

fortiguard.com/psirt/FG-IR-21-230

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/RL:W

EPSS

0.001

Percentile

38.5%

JSON

Related for CVELIST:CVE-2021-43081