CVE-2022-43955

Summary

An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiWeb7.0.0 <= 7.0.3affected
FortinetFortiWeb6.4.0 <= 6.4.2affected
FortinetFortiWeb6.3.0 <= 6.3.21affected
FortinetFortiWeb6.2.0 <= 6.2.7affected
FortinetFortiWeb6.1.0 <= 6.1.3affected
FortinetFortiWeb6.0.0 <= 6.0.8affected

Weaknesses

  • CWE-79: Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References