CVE-2023-37933

Summary

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiADC7.4.0affected
FortinetFortiADC7.2.0 <= 7.2.1affected
FortinetFortiADC7.1.0 <= 7.1.3affected
FortinetFortiADC7.0.0 <= 7.0.5affected
FortinetFortiADC6.2.0 <= 6.2.6affected
FortinetFortiADC6.1.0 <= 6.1.6affected
FortinetFortiADC6.0.0 <= 6.0.4affected
FortinetFortiADC5.4.0 <= 5.4.5affected
FortinetFortiADC5.3.0 <= 5.3.7affected

Weaknesses

  • CWE-79: Execute unauthorized code or commands

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References