vulnerability

Fortinet FortiAnalyzer: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2022-30304)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Feb 16, 2023	Feb 27, 2023	Aug 1, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Feb 16, 2023

Added

Feb 27, 2023

Modified

Aug 1, 2025

Description

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer.

Solutions

fortinet-fortianalyzer-upgrade-6_4_9fortinet-fortianalyzer-upgrade-7_0_5

References

CVE-2022-30304
https://attackerkb.com/topics/CVE-2022-30304
URL-https://fortiguard.com/psirt/FG-IR-22-166

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today