An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.
References
Link | Resource |
---|---|
https://fortiguard.fortinet.com/psirt/FG-IR-23-471 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Aug 2024, 02:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:* |
|
References | () https://fortiguard.fortinet.com/psirt/FG-IR-23-471 - Vendor Advisory | |
First Time |
Fortinet fortios
Fortinet Fortinet fortiproxy |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
19 Aug 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests. |
11 Jul 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests. |
13 Jun 2024, 18:36
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
11 Jun 2024, 15:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-11 15:16
Updated : 2024-08-23 02:47
NVD link : CVE-2024-23111
Mitre link : CVE-2024-23111
CVE.ORG link : CVE-2024-23111
JSON object : View
Products Affected
fortinet
- fortios
- fortiproxy
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')