| Assigner | fortinet |
| Reserved | 2024-01-11 |
| Published | 2024-06-11 |
| Updated | 2024-07-11 |
Description
An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.
| CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R |
Problem types
Execute unauthorized code or commands
Product status
7.4.0
7.2.0
7.0.0
6.4.0
7.4.0
7.2.0
7.0.0
2.0.0
References
https://fortiguard.fortinet.com/psirt/FG-IR-23-471
