Main Vulnerability Database Vulnerabilities #VU75068

#VU75068 Stored cross-site scripting in FortiWeb - CVE-2022-43955

Published: April 13, 2023

Vulnerability identifier: #VU75068

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green

CVE-ID: CVE-2022-43955

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiWeb

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed by injecting malicious payload in log entries used to build report. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website when the victim views the generated attack report.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Remediation

Install update from vendor's website.

External links

https://fortiguard.com/psirt/FG-IR-22-428

#VU75068 Stored cross-site scripting in FortiWeb - CVE-2022-43955

Description

Remediation

External links

Please verify you're human