CVE-2023-46713

An improper output neutralization for logs in Fortinet FortiWeb 6.2.0 - 6.2.8, 6.3.0 - 6.3.23, 7.0.0 - 7.0.9, 7.2.0 - 7.2.5 and 7.4.0 may allow an attacker to forge traffic logs via a crafted URL of the web application.

Published: Dec 13, 2023
Updated: Dec 20, 2023
CVE: CVE-2023-46713
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-117

Affected Software
References

Software	From	Fixed in
fortinet / fortiweb	6.3.0	6.3.23.x
fortinet / fortiweb	7.4.0	7.4.0.x
fortinet / fortiweb	7.2.0	7.2.5.x
fortinet / fortiweb	7.0.0	7.0.9.x
fortinet / fortiweb	6.2.0	6.2.8.x

https://fortiguard.com/psirt/FG-IR-23-256

Vulnerability Database

289,784

CVE-2023-46713