CVE-2024-31488

An improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC version 9.4.0 through 9.4.4, 9.2.0 through 9.2.8, 9.1.0 through 9.1.10, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 7.2.0 through 7.2.3 may allow a remote authenticated attacker to perform stored and reflected cross site scripting (XSS) attack via crafted HTTP requests.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://fortiguard.com/psirt/FG-IR-24-040
https://fortiguard.com/psirt/FG-IR-24-040

Configurations

No configuration.

History

21 Nov 2024, 09:13

Type	Values Removed	Values Added
Summary		(es) Una neutralización inadecuada de entradas durante la vulnerabilidad de generación de páginas web [CWE-79] en FortiNAC versión 9.4.0 a 9.4.4, 9.2.0 a 9.2.8, 9.1.0 a 9.1.10, 8.8.0 a 8.8.11, 8.7.0 a 8.7.6, 7.2.0 a 7.2.3 pueden permitir que un atacante remoto autenticado realice un ataque de Cross Site Scripting (XSS) almacenado y reflejado a través de solicitudes HTTP manipuladas.
References	~~() https://fortiguard.com/psirt/FG-IR-24-040 -~~	() https://fortiguard.com/psirt/FG-IR-24-040 -

14 May 2024, 17:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 17:17

Updated : 2024-11-21 09:13

NVD link : CVE-2024-31488

Mitre link : CVE-2024-31488

CVE.ORG link : CVE-2024-31488

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.8 /10