A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-22-077 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2022-07-18T16:41:12
Updated: 2022-07-19T13:50:09
Reserved: 2022-04-11T00:00:00
Link: CVE-2022-29057
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-07-19T14:15:08.550
Modified: 2022-07-27T07:20:51.847
Link: CVE-2022-29057
JSON object: View
Redhat Information
No data.
CWE