CVE-2022-38376
MEDIUMFortinet FortiNAC < 9.4.1 - Cross-Site Scripting via Crafted HTTP Requests
Title source: llmDescription
Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests.
References (1)
Core 1
Core References
Vendor Advisory
https://fortiguard.com/psirt/FG-IR-22-273
Scores
CVSS v3
6.1
EPSS
0.0043
EPSS Percentile
63.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (2)
fortinet/fortinac
8.3.7
fortinet/fortinac
8.5.0 - 8.5.4
Published
Feb 16, 2023
Tracked Since
Feb 18, 2026