CVE-2022-41330

HIGH

Fortinet FortiOS <7.2.4, FortiProxy <7.0.8 - XSS

Description

An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

Scores

CVSS v3 8.8
EPSS 0.0240
EPSS Percentile 85.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-79
Status published
Products (2)
fortinet/fortios 6.2.0 - 6.2.13
fortinet/fortiproxy 7.0.0 - 7.0.8
Published Apr 11, 2023
Tracked Since Feb 18, 2026