Lucene search

[email protected]NVD:CVE-2021-43080

HistorySep 06, 2022 - 4:15 p.m.

CVE-2021-43080

2022-09-0616:15:08

CWE-79

[email protected]

web.nvd.nist.gov

fortios

input neutralization

cross site scripting

threat feed ip address

security fabric external connectors

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.7%

JSON

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.

Affected configurations

Nvd

Node

fortinetfortiosRange6.4.0–6.4.10

fortinetfortiosRange7.0.0–7.0.6

fortinetfortiosMatch7.2.0

VendorProductVersionCPE
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*
fortinetfortios7.2.0cpe:2.3:o:fortinet:fortios:7.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	*	cpe:2.3:o:fortinet:fortios::::::::
fortinet	fortios	7.2.0	cpe:2.3:o:fortinet:fortios:7.2.0:::::::*

References

fortiguard.com/psirt/FG-IR-21-222