CVE-2022-40680

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages...

Cross site scripting

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages...

CVE-2022-40680

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiOS 6.0.7 - 6.0.15, 6.2.2 - 6.2.12, 6.4.0 - 6.4.9 and 7.0.0 - 7.0.3 allows a privileged attacker to execute unauthorized code or commands via storing malicious payloads in replacement messages...

PT-2022-6108 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 6.0.7 through 6.0.15 Fortinet FortiOS versions 6.2.2 through 6.2.12 Fortinet FortiOS versions 6.4.0 through 6.4.9 Fortinet FortiOS versions 7.0.0 through 7.0.3 Description: The issue is related to improper...

The vulnerability of the “Replacement Messages” component of the FortiOS operating system’s web interface, allowing a hacker to inject arbitrary JavaScript or HTML code

The vulnerability of the Replacement Messages component in the FortiOS operating system’s web interface arises due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code remotely...