Fortinet FortiOS up to 6.4.9/7.0.5 Captive Portal Authentication Replacement Page cross site scripting

A vulnerability classified as problematic has been found in Fortinet FortiOS up to 6.4.9/7.0.5 (Firewall Software). It affects an unknown code block of the component Captive Portal Authentication Replacement Page. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.

| Field | 07/19/2022 11:29 AM | 08/06/2022 02:08 PM |
|---|---|---|
| vendor | Fortinet | Fortinet |
| name | FortiOS | FortiOS |
| version | <=6.4.9/7.0.5 | <=6.4.9/7.0.5 |
| component | Captive Portal Authentication Replacement Page | Captive Portal Authentication Replacement Page |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | H | H |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | R | R |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | N | N |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | N | N |
| cvss3_vuldb_rc | C | C |
| cvss3_cna_av | N | N |
| cvss3_cna_ac | H | H |
| cvss3_cna_pr | N | N |
| cvss3_cna_ui | R | R |
| cvss3_cna_s | C | C |
| cvss3_cna_c | L | L |
| cvss3_cna_i | L | L |
| cvss3_cna_a | N | N |
| url | https://fortiguard.com/psirt/FG-IR-21-057 | https://fortiguard.com/psirt/FG-IR-21-057 |
| cve | CVE-2022-23438 | CVE-2022-23438 |
| cve_assigned | 1642546800 (01/19/2022) | 1642546800 (01/19/2022) |
| cve_cna | Fortinet, Inc. | Fortinet, Inc. |
| cve_nvd_summary | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. |
| date | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) |
| type | Firewall Software | Firewall Software |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | H | H |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | N | N |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | N | N |
| cvss2_vuldb_rc | C | C |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_cna_basescore | 4.7 | 4.7 |
| cvss2_vuldb_basescore | 2.6 | 2.6 |
| cvss2_vuldb_tempscore | 2.6 | 2.6 |
| cvss3_vuldb_basescore | 3.1 | 3.1 |
| cvss3_vuldb_tempscore | 3.1 | 3.1 |
| cvss3_meta_basescore | 3.9 | 4.6 |
| cvss3_meta_tempscore | 3.9 | 4.6 |
| price_0day | $0-$5k | $0-$5k |
| cvss3_nvd_av | | N |
| cvss3_nvd_ac | | L |
| cvss3_nvd_pr | | N |
| cvss3_nvd_ui | | R |
| cvss3_nvd_s | | C |
| cvss3_nvd_c | | L |
| cvss3_nvd_i | | L |
| cvss3_nvd_a | | N |
| cvss3_nvd_basescore | | 6.1 |
