exploitDog

GHSA-2mx3-6c3v-gprg

Опубликовано: 02 нояб. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.

Ссылки

EPSS

Процентиль: 74%

0.00838

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-38373

CVSS3: 8

nvd

больше 3 лет назад

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiDeceptor management interface 4.2.0, 4.1.0 through 4.1.1, 4.0.2 may allow an authenticated user to perform a cross site scripting (XSS) attack via sending requests with specially crafted lure resource ID.

BDU:2022-07200

CVSS3: 8

fstec

больше 3 лет назад

Уязвимость интерфейса управления средства выявления и принятия мер реагирования на внешние и внутренние угрозы безопасности Fortinet FortiDeceptor, позволяющая нарушителю проводить спуфинг-атаки

EPSS

Процентиль: 74%

0.00838

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79