CVE-2022-41336

CVSS V2 None CVSS V3 None
Description
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter.
Overview
  • CVE ID
  • CVE-2022-41336
  • Assigner
  • psirt@fortinet.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-03T17:15:10
  • Last Modified Date
  • 2023-01-10T02:22:12
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* 1 OR 5.0.0 5.0.3
cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* 1 OR 5.1.0 5.1.2
cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* 1 OR 5.2.0 5.2.6
cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* 1 OR 5.3.0 5.3.8
cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:* 1 OR 6.0.0 6.0.11
References
Reference URL Reference Tags
https://fortiguard.com/psirt/FG-IR-22-313
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-41336
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41336
History
Created Old Value New Value Data Type Notes
2023-01-03 18:17:05 Added to TrackCVE
2023-01-04 14:14:25 2023-01-04T14:03:02 CVE Modified Date updated
2023-01-04 14:14:25 Received Awaiting Analysis Vulnerability Status updated
2023-01-09 12:21:24 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-10 03:41:37 2023-01-10T02:22:12 CVE Modified Date updated
2023-01-10 03:41:37 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-10 03:41:38 Weakness Enumeration new
2023-01-10 03:41:40 CPE Information updated