CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-41334

An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.9%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2022-41334

Fortinet » Fortios » Version: 7.0.0

cpe:2.3:o:fortinet:fortios:7.0.0
Fortinet » Fortios » Version: 7.0.1

cpe:2.3:o:fortinet:fortios:7.0.1
Fortinet » Fortios » Version: 7.0.2

cpe:2.3:o:fortinet:fortios:7.0.2
Fortinet » Fortios » Version: 7.0.3

cpe:2.3:o:fortinet:fortios:7.0.3
Fortinet » Fortios » Version: 7.0.4

cpe:2.3:o:fortinet:fortios:7.0.4
Fortinet » Fortios » Version: 7.0.5

cpe:2.3:o:fortinet:fortios:7.0.5
Fortinet » Fortios » Version: 7.0.6

cpe:2.3:o:fortinet:fortios:7.0.6
Fortinet » Fortios » Version: 7.0.7

cpe:2.3:o:fortinet:fortios:7.0.7
Fortinet » Fortios » Version: 7.2.0

cpe:2.3:o:fortinet:fortios:7.2.0
Fortinet » Fortios » Version: 7.2.1

cpe:2.3:o:fortinet:fortios:7.2.1
Fortinet » Fortios » Version: 7.2.2

cpe:2.3:o:fortinet:fortios:7.2.2
Fortinet » Fortios » Version: 7.2.3

cpe:2.3:o:fortinet:fortios:7.2.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-41334

Products

Pricing

Contact Us