CVE-2023-22638

HIGH

FortiNAC <= 9.4.1 - Authenticated Cross-Site Scripting via HTTP GET Requests

Title source: llm

Description

Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests.

References (1)

Core 1

Core References

Patch, Vendor Advisory

https://fortiguard.com/psirt/FG-IR-22-260

Scores

CVSS v3 7.1

EPSS 0.0066

EPSS Percentile 71.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (4)

fortinet/fortinac 8.3.7

fortinet/fortinac 9.4.0

fortinet/fortinac 9.4.1

fortinet/fortinac 8.5.0 - 8.5.4

Published Feb 16, 2023

Tracked Since Feb 18, 2026