Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-43955: Fortiguard

An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.

CVE
Open in Source
#xss#vulnerability#web#auth

** PSIRT Advisories**

FortiWeb - XSS vulnerability in HTML generated attack report files

Summary

An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.

Affected Products

FortiWeb version 7.0.0 through 7.0.3
FortiWeb 6.4 all versions
FortiWeb version 6.3.0 through 6.3.21
FortiWeb version 6.2 all versions
FortiWeb version 6.1 all versions
FortiWeb version 6.0 all versions

Solutions

Please upgrade to FortiWeb version 7.2.0 or above
Please upgrade to FortiWeb version 7.0.4 or above
Please upgrade to FortiWeb version 6.3.22 or above

Timeline

2023-03-21: Initial publication

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE