An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-23-106 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
15 Sep 2023, 13:23
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://fortiguard.com/psirt/FG-IR-23-106 - Vendor Advisory | |
CWE | CWE-79 | |
CPE | cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
First Time |
Fortinet fortiproxy
Fortinet fortios Fortinet |
13 Sep 2023, 13:57
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-13 13:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-29183
Mitre link : CVE-2023-29183
CVE.ORG link : CVE-2023-29183
JSON object : View
Products Affected
fortinet
- fortios
- fortiproxy
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')