Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2023-29183

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.

  • Published: Sep 13, 2023
  • Updated: Sep 20, 2023
  • CVE: CVE-2023-29183
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.4
  • AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
fortinet / fortios 7.2.0 7.2.5
fortinet / fortios 6.4.0 6.4.13
fortinet / fortios 7.0.0 7.0.12
fortinet / fortios 6.2.0 6.2.15
fortinet / fortiproxy 7.2.0 7.2.5
fortinet / fortiproxy 7.0.0 7.0.11