Vulnerability in Fortinet Fortios
CVE-2022-23438
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross…
EPSS: 0.006 (69.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:W/RC:U.
Affected products
- Fortinet Fortios — versions FortiOS 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0, 6.4.9, 6.4.8, 6.4.7, 6.4.6, 6.4.5, 6.4.4, 6.4.3, 6.4.2, 6.4.1, 6.4.0
References
- fortiguard.com/psirt/FG-IR-21-057 (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2022-23438?
- CVE-2022-23438 is a medium-severity vulnerability in Fortinet Fortios. CVSS score: 4.7/10. Published 2022-07-18.
- How severe is CVE-2022-23438?
- Medium severity. CVSS v3 base score is 4.7 out of 10.