CVE-2023-37933

Description

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authenticated attacker to perform an XSS attack via crafted HTTP or HTTPs requests.

CVSS breakdown

Affected products

• fortinet / fortiadc7.4.0 – 7.4.0
• fortinet / fortiadc7.2.1 – 7.2.1
• fortinet / fortiadc7.2.0 – 7.2.0
• fortinet / fortiadc7.1.3 – 7.1.3
• fortinet / fortiadc7.1.2 – 7.1.2
• fortinet / fortiadc7.1.1 – 7.1.1
• fortinet / fortiadc7.1.0 – 7.1.0
• fortinet / fortiadc7.0.5 – 7.0.5
• fortinet / fortiadc7.0.4 – 7.0.4
• fortinet / fortiadc7.0.3 – 7.0.3
• fortinet / fortiadc7.0.2 – 7.0.2
• fortinet / fortiadc7.0.1 – 7.0.1
• fortinet / fortiadc7.0.0 – 7.0.0
• fortinet / fortiadc6.2.6 – 6.2.6
• fortinet / fortiadc6.2.5 – 6.2.5
• fortinet / fortiadc6.2.4 – 6.2.4
• fortinet / fortiadc6.2.3 – 6.2.3
• fortinet / fortiadc6.2.2 – 6.2.2
• fortinet / fortiadc6.2.1 – 6.2.1
• fortinet / fortiadc6.2.0 – 6.2.0
• fortinet / fortiadc6.1.6 – 6.1.6
• fortinet / fortiadc6.1.5 – 6.1.5
• fortinet / fortiadc6.1.4 – 6.1.4
• fortinet / fortiadc6.1.3 – 6.1.3
• fortinet / fortiadc6.1.2 – 6.1.2
• fortinet / fortiadc6.1.1 – 6.1.1
• fortinet / fortiadc6.1.0 – 6.1.0
• fortinet / fortiadc6.0.4 – 6.0.4
• fortinet / fortiadc6.0.3 – 6.0.3
• fortinet / fortiadc6.0.2 – 6.0.2
• fortinet / fortiadc6.0.1 – 6.0.1
• fortinet / fortiadc6.0.0 – 6.0.0
• fortinet / fortiadc5.4.5 – 5.4.5
• fortinet / fortiadc5.4.4 – 5.4.4
• fortinet / fortiadc5.4.3 – 5.4.3
• fortinet / fortiadc5.4.2 – 5.4.2
• fortinet / fortiadc5.4.1 – 5.4.1
• fortinet / fortiadc5.4.0 – 5.4.0
• fortinet / fortiadc5.3.7 – 5.3.7
• fortinet / fortiadc5.3.6 – 5.3.6
• fortinet / fortiadc5.3.5 – 5.3.5
• fortinet / fortiadc5.3.4 – 5.3.4
• fortinet / fortiadc5.3.3 – 5.3.3
• fortinet / fortiadc5.3.2 – 5.3.2
• fortinet / fortiadc5.3.1 – 5.3.1
• fortinet / fortiadc5.3.0 – 5.3.0

References

• VENDOR_ADVISORYhttps://fortiguard.com/psirt/FG-IR-23-216