EUVD-2021-22809

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

Improper neutralization of input in Fortinet FortiWeb allows attackers to execute unauthorized code.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2021-36188	8 Dec 202120:22	–	circl
CNNVD	Fortinet FortiWeb 跨站脚本漏洞	8 Dec 202100:00	–	cnnvd
CNVD	Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2021-99662)	13 Dec 202100:00	–	cnvd
CVE	CVE-2021-36188	8 Dec 202113:24	–	cve
Cvelist	CVE-2021-36188	8 Dec 202113:24	–	cvelist
Fortinet	FortiWeb - Reflected cross-site scripting in error controllers	7 Dec 202100:00	–	fortinet
Tenable Nessus	Fortinet FortiWeb xss (FG-IR-21-118)	27 Oct 202400:00	–	nessus
NCSC	Vulnerabilities fixed in Fortinet FortiWeb	9 Dec 202100:00	–	ncsc
NVD	CVE-2021-36188	8 Dec 202117:15	–	nvd
OSV	CVE-2021-36188	8 Dec 202117:15	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "7351f4f6-37a9-3c0c-9a7d-83d04c2ea96e",
        "vendor": {
          "name": "Fortinet"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "839985db-b61b-3c8d-9e77-c9beaf4f5b58",
        "product": {
          "name": "Fortinet FortiWeb"
        },
        "product_version": "FortiWeb 6.4.1, 6.4.0, 6.3.15, 6.3.14, 6.3.13, 6.3.12, 6.3.11, 6.3.10, 6.3.9, 6.3.8, 6.3.7, 6.3.6, 6.3.5, 6.3.4, 6.3.3, 6.3.2, 6.3.1, 6.3.0, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.1.2, 6.1.1, 6.1.0, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.com/advisory/FG-IR-21-118
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.1Medium risk

Vulners AI Score6.1

CVSS 3.16.1

CVSS 24.3

EPSS0.00374

SSVC