Lucene search

[email protected]NVD:CVE-2022-40680

HistoryDec 06, 2022 - 5:15 p.m.

CVE-2022-40680

2022-12-0617:15:10

CWE-79

[email protected]

web.nvd.nist.gov

vulnerability

cross-site scripting

fortinet fortios

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

22.9%

JSON

A improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages.

Affected configurations

Nvd

Node

fortinetfortiosRange6.0.7–6.0.15

fortinetfortiosRange6.2.2–6.2.12

fortinetfortiosRange6.4.0–6.4.9

fortinetfortiosRange7.0.0–7.0.3

VendorProductVersionCPE
fortinetfortios*cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fortinet	fortios	*	cpe:2.3:o:fortinet:fortios::::::::

References

fortiguard.com/psirt/FG-IR-21-248