6.8
CVE-2024-23111
- EPSS 0.14%
- Veröffentlicht 11.06.2024 15:16:03
- Zuletzt bearbeitet 21.11.2024 08:56:57
- Quelle psirt@fortinet.com
- Teams Watchlist Login
- Unerledigt Login
An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortiproxy Version >= 7.0.0 < 7.0.15
Fortinet ≫ Fortiproxy Version >= 7.2.0 < 7.2.9
Fortinet ≫ Fortiproxy Version >= 7.4.0 < 7.4.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.14% | 0.343 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| psirt@fortinet.com | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.