Vulnerability Database

290,273

Total vulnerabilities in the database

CVE-2021-43080

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.

  • Published: Sep 6, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-43080
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.4
  • AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
fortinet / fortios 7.2.0 7.2.0.x
fortinet / fortios 7.0.0 7.0.6
fortinet / fortios 6.4.0 6.4.10