CVE-2022-38376

CVSS V2 None CVSS V3 None
Description
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests.
Overview
  • CVE ID
  • CVE-2022-38376
  • Assigner
  • psirt@fortinet.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-02-16T19:15:12
  • Last Modified Date
  • 2023-02-24T20:02:16
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:* 1 OR 8.5.0 8.5.4
cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:* 1 OR 8.6.0 9.4.2
cpe:2.3:a:fortinet:fortinac:8.3.7:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://fortiguard.com/psirt/FG-IR-22-273 Vendor Advisory
History
Created Old Value New Value Data Type Notes
2023-04-17 07:51:13 Added to TrackCVE
2023-04-17 07:51:16 Weakness Enumeration new