An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.
References
Link | Resource |
---|---|
https://fortiguard.fortinet.com/psirt/FG-IR-23-471 | Vendor Advisory |
https://fortiguard.fortinet.com/psirt/FG-IR-23-471 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
References | () https://fortiguard.fortinet.com/psirt/FG-IR-23-471 - Vendor Advisory |
23 Aug 2024, 02:47
Type | Values Removed | Values Added |
---|---|---|
References | () https://fortiguard.fortinet.com/psirt/FG-IR-23-471 - Vendor Advisory | |
First Time |
Fortinet
Fortinet fortiproxy Fortinet fortios |
|
CPE | cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
19 Aug 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests. |
11 Jul 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests. |
13 Jun 2024, 18:36
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Jun 2024, 15:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-11 15:16
Updated : 2024-11-21 08:56
NVD link : CVE-2024-23111
Mitre link : CVE-2024-23111
CVE.ORG link : CVE-2024-23111
JSON object : View
Products Affected
fortinet
- fortiproxy
- fortios
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')