What is CVE-2021-43062?

CVE-2021-43062 is a medium-severity vulnerability in Fortinet Fortimail. CVSS score: 6.1/10. Published 2022-02-02.

How severe is CVE-2021-43062?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Is CVE-2021-43062 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Fortinet Fortimail

CVE-2021-43062

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute una…

EPSS: 0.571 (98.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:X/RC:C.

Affected products

Fortinet Fortimail — versions FortiMail 7.0.1, 7.0.0, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0, 6.2.7, 6.2.6, 6.2.5, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0, 6.0.11, 6.0.10, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.1, 6.0.0

Public proof-of-concept exploits

References

fortiguard.com/advisory/FG-IR-21-185 (x_refsource_CONFIRM)
packetstormsecurity.com/files/166055/Fortinet-Fortimail-7.0.1-Cross-Site-Script… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-43062?: CVE-2021-43062 is a medium-severity vulnerability in Fortinet Fortimail. CVSS score: 6.1/10. Published 2022-02-02.
How severe is CVE-2021-43062?: Medium severity. CVSS v3 base score is 6.1 out of 10.
Is CVE-2021-43062 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.