CVE-2022-22304

Summary

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortinet FortiAuthenticator OutlookAgentFortiAuthenticator Agent for Microsoft OWA version 2.2 and 2.1.affected

Weaknesses

  • Information disclosure

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References