CVE-2022-38374

HIGH

Fortinet FortiADC <7.0.2, <6.2.4 - XSS

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-38374. PoCs published by azhurtanov, M4fiaB0y.

AI-analyzed exploit summary

This repository contains a functional exploit for CVE-2022-38374, which targets FortiADC. The exploit leverages an XSS vulnerability to achieve remote code execution (RCE) by sending a crafted payload that establishes a reverse shell.

Description

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiADC 7.0.0 - 7.0.2 and 6.2.0 - 6.2.4 allows an attacker to execute unauthorized code or commands via the URL and User fields observed in the traffic and event log views.

Exploits (2)

nomisec WORKING POC 9 stars
by azhurtanov · poc
https://github.com/azhurtanov/CVE-2022-38374

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: FortiADC
Auth required
Prerequisites: Network access to the target FortiADC instance · Valid session token (JWT) for authentication
devstral-2 · analyzed Feb 19, 2026
nomisec WORKING POC 2 stars
by M4fiaB0y · poc
https://github.com/M4fiaB0y/CVE-2022-38374

This repository contains a functional exploit for CVE-2022-38374, which chains an XSS vulnerability in FortiADC to achieve remote code execution (RCE) via a reverse shell. The exploit constructs a malicious payload that leverages the AWS scripting interface and uses chunked encoding to bypass input restrictions.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: FortiADC
Auth required
Prerequisites: Valid session token (JWT) for authenticated access · Network access to the target FortiADC instance
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 8.8
EPSS 0.0172
EPSS Percentile 74.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-79
Status published
Products (1)
fortinet/fortiadc 6.2.0 - 6.2.4
Published Nov 02, 2022
Tracked Since Feb 18, 2026