We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2021-43081



Assignerfortinet
Reserved2021-10-28
Published2022-05-11
Updated2024-10-22

Description

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.



MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:W/RC:X

Product status

FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0.
affected

References

https://fortiguard.com/psirt/FG-IR-21-230

cve.org CVE-2021-43081

nvd.nist.gov CVE-2021-43081

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2021-43081
Subscribe to our newsletter to learn more about our work.