CVE-2022-29057: Fortiguard
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross-site scripting attack (XSS) by injecting a malicious payload into the Management Console via various endpoints.
**PSIRT Advisories**
FortiEDR - Cross Site Scripting (XSS) vulnerabilities over the Management Console
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiEDR Central Manager may allow a remote authenticated attacker to perform a reflected cross-site scripting attack (XSS) by injecting a malicious payload into the Management Console through various endpoints.
Affected Products
At least:
FortiEDR Central Manager version 4.0.0
FortiEDR Central Manager version 5.0.0 through 5.0.3 Patch 6
FortiEDR Central Manager version 5.1.0
Solutions
Please upgrade FortiEDR Central Manager to version 5.2.0 and above.
Please upgrade FortiEDR Central Manager to version 5.0.3 Patch 7 and above.
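To turn the affected and fixed versions above into a triage check, here is an added example (not Fortinet's code) that parses FortiEDR "major.minor.patch [Patch N]" strings, tests them against the advisory's affected ranges, and reports the advisory's upgrade targets; the inventory lines are constructed, and "at least" in the advisory means versions outside the listed ranges are only "not listed", not proven safe.

```python
import re
from typing import List, Tuple

# Affected ranges exactly as the advisory lists them (inclusive), as
# (major, minor, patch, patch_level) tuples; a missing "Patch N" counts as 0.
AFFECTED_RANGES = [
    ((4, 0, 0, 0), (4, 0, 0, 0)),   # 4.0.0
    ((5, 0, 0, 0), (5, 0, 3, 6)),   # 5.0.0 through 5.0.3 Patch 6
    ((5, 1, 0, 0), (5, 1, 0, 0)),   # 5.1.0
]

# Upgrade targets named in the advisory's Solutions section.
UPGRADE_TARGETS = ("5.0.3 Patch 7", "5.2.0")

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?\s*$",
                         re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Parse 'major.minor.patch' or 'major.minor.patch Patch N' into a tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised FortiEDR version string: {text!r}")
    major, minor, patch, level = m.groups()
    return (int(major), int(minor), int(patch), int(level or 0))


def is_affected(version: str) -> bool:
    """True when the version falls inside a range the advisory lists."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory: List[str]) -> List[Tuple[str, str, str]]:
    """Map constructed 'host,version' lines to (host, version, verdict)."""
    results = []
    for line in inventory:
        host, version = (part.strip() for part in line.split(",", 1))
        if is_affected(version):
            verdict = "AFFECTED - upgrade to " + " or ".join(UPGRADE_TARGETS)
        else:
            verdict = "not listed"   # advisory says "at least", so not proof
        results.append((host, version, verdict))
    return results


# Constructed sample inventory for demonstration only.
SAMPLE_INVENTORY = ["edr-mgr-01, 5.0.3 Patch 6", "edr-mgr-02, 5.0.3 Patch 7",
                    "edr-mgr-03, 4.0.0", "edr-mgr-04, 5.2.0"]

if __name__ == "__main__":
    for host, version, verdict in triage(SAMPLE_INVENTORY):
        print(f"{host:12} {version:16} {verdict}")
```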
Related news
Four high, six medium, and one low severity issue fixed