CVE-2021-22122

MEDIUM EXPLOITED NUCLEI

Fortinet Fortiweb < 6.2.3 - XSS

Title source: rule

Description

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.

Nuclei Templates (1)

FortiWeb - Cross Site Scripting

MEDIUMby dwisiswant0

Shodan: http.title:"fortiweb - "

FOFA: title="fortiweb - "

References (1)

[Vendor Advisory] https://fortiguard.com/advisory/FG-IR-20-122

Scores

CVSS v3 6.1

EPSS 0.5564

EPSS Percentile 98.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2024-01-22

CWE

CWE-79

Status published

Products (1)

fortinet/fortiweb < 6.2.3

Published Feb 08, 2021

Tracked Since Feb 18, 2026