vulnerability

Fortinet FortiManager: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2022-39950)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:S/C:C/I:C/A:C)	Nov 2, 2022	Nov 14, 2022	Aug 1, 2025

Severity

CVSS

(AV:N/AC:M/Au:S/C:C/I:C/A:C)

Published

Nov 2, 2022

Added

Nov 14, 2022

Modified

Aug 1, 2025

Description

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281.

Solutions

fortinet-fortimanager-upgrade-6_2_10fortinet-fortimanager-upgrade-6_4_9fortinet-fortimanager-upgrade-7_0_5

References

CVE-2022-39950
https://attackerkb.com/topics/CVE-2022-39950
URL-https://fortiguard.com/psirt/FG-IR-21-228

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today