Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-576v-9h7m-r2jq

Опубликовано: 13 сент. 2023
Источник: github
Github: Не прошло ревью
CVSS3: 8

Описание

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.

Ссылки

EPSS

Процентиль: 69%
0.0059
Низкий

8 High

CVSS3

CVE ID

CVE-2023-29183

Дефекты

CWE-79

Связанные уязвимости

nvd логотип

CVE-2023-29183

CVSS3: 8
nvd
больше 2 лет назад

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.

fstec логотип

BDU:2023-05688

CVSS3: 8
fstec
больше 2 лет назад

Уязвимость графического интерфейса операционных систем FortiOS и прокси-сервера для защиты от интернет-атак FortiProxy, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный JavaScript-код

EPSS

Процентиль: 69%
0.0059
Низкий

8 High

CVSS3

CVE ID

CVE-2023-29183

Дефекты

CWE-79