CVE-2021-22122

EPSS 10.5%

Vexday Risk Score

23Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 10.5%KEV nãoPoC —Nuclei simMetasploit —Patch —

Lifecycle

08 Feb 2021Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.

Affected products

Fortinet · Fortinet FortiWeb

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fortiguard.com/advisory/FG-IR-20-122