A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/psirt/FG-IR-22-077 | Vendor Advisory |
| https://fortiguard.com/psirt/FG-IR-22-077 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:58
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://fortiguard.com/psirt/FG-IR-22-077 - Vendor Advisory |
27 Jul 2022, 07:20
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
| References | (CONFIRM) https://fortiguard.com/psirt/FG-IR-22-077 - Vendor Advisory | |
| CPE | cpe:2.3:a:fortinet:fortiedr:5.0.3:patch6:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiedr:5.1.0:-:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiedr:5.0.3:-:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiedr:5.0.3:patch2:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiedr:5.0.3:patch5:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiedr:5.0.3:patch1:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiedr:5.0.3:patch4:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiedr:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiedr:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiedr:5.0.3:patch3:*:*:*:*:*:* |
19 Jul 2022, 15:11
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-07-19 14:15
Updated : 2024-11-21 06:58
NVD link : CVE-2022-29057
Mitre link : CVE-2022-29057
CVE.ORG link : CVE-2022-29057
JSON object : View
Products Affected
fortinet
- fortiedr
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')