CVE-2022-41336 MEDIUM

CVE-2022-41336

Vendor Fortinet

Product FortiPortal

Weakness CWE-79 · XSS

Published January 3, 2023

Last update October 23, 2024

View on NVD All CVEs

CVSS base score

6.6/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:F/RL:X/RC:C

What the vulnerability does

01Description

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter.

Key dates

02Disclosure timeline

January 3, 2023 CVE published

October 23, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-41336 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2022-41336

CWE CWE-79

CVSS 6.6 / MEDIUM

Affected versions

Vendor Fortinet

Product FortiPortal

Affected ≥ 6.0.0 and ≤ 6.0.11

Vendor Fortinet

Product FortiPortal

Affected ≥ 5.3.0 and ≤ 5.3.8

Vendor Fortinet

Product FortiPortal

Affected ≥ 5.2.0 and ≤ 5.2.6

Vendor Fortinet

Product FortiPortal

Affected ≥ 5.1.0 and ≤ 5.1.2

Vendor Fortinet

Product FortiPortal

Affected ≥ 5.0.0 and ≤ 5.0.3

CVE-2022-41336

01Description

02Disclosure timeline

03References

04Related CVE