Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2024-35280

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints

  • Published: Jan 15, 2025
  • Updated: May 4, 2025
  • CVE: CVE-2024-35280
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
fortinet / fortideceptor 5.3.0 5.3.0.x
fortinet / fortideceptor 3.0.0 5.2.1