CVE-2023-29183 HIGH

CVE-2023-29183

Vendor Fortinet
Product FortiProxy
Weakness CWE-79 · XSS
Published September 13, 2023
Last update December 16, 2025
View on NVD All CVEs

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

What the vulnerability does

01Description

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.

Key dates

02Disclosure timeline

September 13, 2023 CVE published
December 16, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-7856 PHPGurukul Apartment Visitors Management System HTTP POST Request pass-details.php cross site scripting CVE-2025-53519 Advantech iView Cross-site Scripting CVE-2026-35052 D-Tale affected by Remote Code Execution through redis/shelf storage CVE-2025-66309 Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab CVE-2023-31233 WordPress Baidu Tongji generator Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)