CVE-2022-43952 LOW

CVE-2022-43952

Vendor Fortinet
Product FortiADC
Weakness CWE-79 · XSS
Published April 11, 2023
Last update October 22, 2024
View on NVD All CVEs

CVSS base score

3.3/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N/E:P/RL:X/RC:C

What the vulnerability does

01Description

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.

Key dates

02Disclosure timeline

April 11, 2023 CVE published
October 22, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-52459 WordPress Chameleoni Jobs plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-2385 Netgear SRX5308 Web Management Interface cross site scripting CVE-2021-1239 Cisco Firepower Management Center Stored Cross-Site Scripting Vulnerabilities CVE-2026-6962 Cost of Goods: Product Cost & Profit Calculator for WooCommerce <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2021-38339 Simple Matted Thumbnails <= 1.01 Reflected Cross-Site Scripting