vulnerability
Fortinet FortiOS: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CVE-2022-41330)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Apr 11, 2023 | Apr 20, 2023 | Mar 30, 2026 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Apr 11, 2023
Added
Apr 20, 2023
Modified
Mar 30, 2026
Description
An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
Solutions
fortios-upgrade-6_2_13fortios-upgrade-6_4_12fortios-upgrade-7_0_10fortios-upgrade-7_2_4
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.