FortiADC 7.0.0-7.0.2 and 6.2.0-6.2.4 XSS via URL/User fields in web page gen
CVE-2022-38374 Published on November 2, 2022

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event logviews.

NVD

Vulnerability Analysis

CVE-2022-38374 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Products Associated with CVE-2022-38374

Want to know whenever a new CVE is published for Fortinet Fortiadc? stack.watch will email you.

Fortinet Fortiadc

Affected Versions

Fortinet FortiADC Version FortiADC 7.0.2, 7.0.1, 7.0.0, 6.2.4, 6.2.3, 6.2.2, 6.2.1, 6.2.0 is affected by CVE-2022-38374

Exploit Probability

EPSS

16.68%

Percentile

94.79%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

FortiADC 7.0.0-7.0.2 and 6.2.0-6.2.4 XSS via URL/User fields in web page genCVE-2022-38374 Published on November 2, 2022

Vulnerability Analysis

Products Associated with CVE-2022-38374

Affected Versions

Exploit Probability

FortiADC 7.0.0-7.0.2 and 6.2.0-6.2.4 XSS via URL/User fields in web page gen
CVE-2022-38374 Published on November 2, 2022