vulnerability

Fortinet FortiManager: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2022-39950)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:M/Au:S/C:P/I:P/A:N)	2022-11-02	2022-11-14	2025-01-30

Severity

CVSS

(AV:N/AC:M/Au:S/C:P/I:P/A:N)

Published

2022-11-02

Added

2022-11-14

Modified

2025-01-30

Description

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281.

Solution(s)

fortinet-fortimanager-upgrade-6_2_10fortinet-fortimanager-upgrade-6_4_9fortinet-fortimanager-upgrade-7_0_5

References

CVE-2022-39950
https://attackerkb.com/topics/CVE-2022-39950
URL-https://fortiguard.com/psirt/FG-IR-21-228

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today