Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2022-41330

An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

  • Published: Apr 11, 2023
  • Updated: Apr 19, 2023
  • CVE: CVE-2022-41330
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
fortinet / fortiproxy 7.2.0 7.2.2
fortinet / fortiproxy 7.0.0 7.0.8
fortinet / fortios 7.2.0 7.2.4
fortinet / fortios 6.2.0 6.2.13
fortinet / fortios 6.4.0 6.4.12
fortinet / fortios 7.0.0 7.0.10