We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2023-29183



Assignerfortinet
Reserved2023-04-03
Published2023-09-13
Updated2024-10-22

Description

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.



HIGH: 7.3CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

Product status

Default status
unaffected

7.2.0
affected

7.0.0
affected

Default status
unaffected

7.2.0
affected

7.0.0
affected

6.4.0
affected

6.2.0
affected

References

https://fortiguard.com/psirt/FG-IR-23-106

cve.org CVE-2023-29183

nvd.nist.gov CVE-2023-29183

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.