What is CVE-2022-43955?

CVE-2022-43955 is a high-severity vulnerability in Fortinet Fortiweb, classified under Cross-site Scripting. CVSS score: 8.0/10. Published 2023-04-11.

How severe is CVE-2022-43955?

High severity. CVSS v3 base score is 8.0 out of 10.

XSS in Fortinet Fortiweb

CVE-2022-43955

An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthe…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.003 (50.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R.

Affected products

Fortinet Fortiweb — versions 7.0.0, 6.4.0, 6.3.0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

https://fortiguard.com/psirt/FG-IR-22-428

Frequently asked questions

What is CVE-2022-43955?: CVE-2022-43955 is a high-severity vulnerability in Fortinet Fortiweb, classified under Cross-site Scripting. CVSS score: 8.0/10. Published 2023-04-11.
How severe is CVE-2022-43955?: High severity. CVSS v3 base score is 8.0 out of 10.