A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-22-077 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2022-07-18T16:41:12
Updated: 2024-08-03T06:10:59.274Z
Reserved: 2022-04-11T00:00:00
Link: CVE-2022-29057
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-07-19T14:15:08.550
Modified: 2022-07-27T07:20:51.847
Link: CVE-2022-29057
Redhat
No data.