An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-21-057 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-07-18T16:40:44
Updated: 2024-08-03T03:43:45.631Z
Reserved: 2022-01-19T00:00:00
Link: CVE-2022-23438
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-07-18T18:15:08.963
Modified: 2022-07-25T14:29:49.487
Link: CVE-2022-23438
Redhat
No data.