Vulnerability Details CVE-2024-35280
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions, FortiDeceptor 3.3 all versions, FortiDeceptor 3.2 all versions, FortiDeceptor 3.1 all versions, FortiDeceptor 3.0 all versions may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.5%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2024-35280
- cpe:2.3:a:fortinet:fortideceptor:3.0.0
- cpe:2.3:a:fortinet:fortideceptor:3.0.1
- cpe:2.3:a:fortinet:fortideceptor:3.0.2
- cpe:2.3:a:fortinet:fortideceptor:3.1
- cpe:2.3:a:fortinet:fortideceptor:3.1.0
- cpe:2.3:a:fortinet:fortideceptor:3.1.1
- cpe:2.3:a:fortinet:fortideceptor:3.2.0
- cpe:2.3:a:fortinet:fortideceptor:3.2.1
- cpe:2.3:a:fortinet:fortideceptor:3.2.2
- cpe:2.3:a:fortinet:fortideceptor:3.3.0
- cpe:2.3:a:fortinet:fortideceptor:3.3.1
- cpe:2.3:a:fortinet:fortideceptor:3.3.2
- cpe:2.3:a:fortinet:fortideceptor:3.3.3
- cpe:2.3:a:fortinet:fortideceptor:4.0.0
- cpe:2.3:a:fortinet:fortideceptor:4.0.1
- cpe:2.3:a:fortinet:fortideceptor:4.0.2
- cpe:2.3:a:fortinet:fortideceptor:4.0.3
- cpe:2.3:a:fortinet:fortideceptor:4.1.0
- cpe:2.3:a:fortinet:fortideceptor:4.1.1
- cpe:2.3:a:fortinet:fortideceptor:4.1.2
- cpe:2.3:a:fortinet:fortideceptor:4.2.0
- cpe:2.3:a:fortinet:fortideceptor:4.2.1
- cpe:2.3:a:fortinet:fortideceptor:5.0.0
- cpe:2.3:a:fortinet:fortideceptor:5.1.0
- cpe:2.3:a:fortinet:fortideceptor:5.2.0
- cpe:2.3:a:fortinet:fortideceptor:5.3.0