Lucene search

K
fortinetFortiGuard LabsFG-IR-22-275
HistoryApr 11, 2023 - 12:00 a.m.

FortiAuthenticator - Reflected XSS in the password reset page

2023-04-1100:00:00
FortiGuard Labs
www.fortiguard.com
33
fortiauthenticator
reflected xss
password reset
cwe-80
remote attacker
web page vulnerability

EPSS

0.001

Percentile

44.1%

An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the β€œreset-password” page.

EPSS

0.001

Percentile

44.1%

Related for FG-IR-22-275