What is CVE-2021-22122?

CVE-2021-22122 is a vulnerability in Fortinet Fortiweb. Published 2021-02-08.

Is CVE-2021-22122 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Fortinet Fortiweb

CVE-2021-22122

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by…

EPSS: 0.700 (98.7th percentile) — read the EPSS interpretation.

Affected products

Fortinet Fortiweb — versions FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
TheCyberpunker/payloads
d4n-sec/d4n-sec.github.io
sobinge/nuclei-templates

References

fortiguard.com/advisory/FG-IR-20-122 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-22122?: CVE-2021-22122 is a vulnerability in Fortinet Fortiweb. Published 2021-02-08.
Is CVE-2021-22122 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.