PSIRT Advisories
FortiManager/FortiAnalyzer - XSS Vulnerability in Report Templates
Summary
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiManager and FortiAnalyzer report templates may allow a low-privileged attacker to perform a cross-site scripting (XSS) attack by posting a crafted CKEditor "protected" comment, as described in CVE-2020-9281.
Affected Products
FortiAnalyzer version 7.0.0 through 7.0.4
FortiAnalyzer version 6.4.0 through 6.4.8
FortiAnalyzer 6.2 all versions
FortiAnalyzer 6.0 all versions
FortiManager version 7.0.0 through 7.0.4
FortiManager version 6.4.0 through 6.4.8
FortiManager 6.2 all versions
FortiManager 6.0 all versions
Solutions
Please upgrade to FortiAnalyzer version 7.2.0 or above
Please upgrade to FortiAnalyzer version 7.0.5 or above
Please upgrade to FortiAnalyzer version 6.4.9 or above
Please upgrade to FortiManager version 7.2.0 or above
Please upgrade to FortiManager version 7.0.5 or above
Please upgrade to FortiManager version 6.4.9 or above
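The following is an added triage helper, not Fortinet code or part of the advisory: it encodes the Affected Products ranges and the fixed releases from the Solutions section above and decides whether a given FortiManager or FortiAnalyzer version is affected and which fixed release is the nearest upgrade. The version strings passed to it are constructed sample inputs; the rule that a branch with no fixed release (6.2, 6.0) should move to the lowest fixed release above it is an assumption made here, since the advisory lists upgrade targets without mapping them to those branches.

```python
"""Affected-version check for the FortiManager/FortiAnalyzer report-template XSS
advisory. Added example, not Fortinet code. The ranges below are copied from the
advisory's Affected Products and Solutions sections."""
from __future__ import annotations

import re

# branch -> (first_affected, last_affected); None means "all versions" of that branch.
AFFECTED: dict[str, dict[str, tuple[str, str] | None]] = {
    "FortiAnalyzer": {"7.0": ("7.0.0", "7.0.4"), "6.4": ("6.4.0", "6.4.8"),
                      "6.2": None, "6.0": None},
    "FortiManager":  {"7.0": ("7.0.0", "7.0.4"), "6.4": ("6.4.0", "6.4.8"),
                      "6.2": None, "6.0": None},
}

# Fixed releases named in the Solutions section (same set for both products).
FIXED: dict[str, list[str]] = {
    "FortiAnalyzer": ["7.2.0", "7.0.5", "6.4.9"],
    "FortiManager":  ["7.2.0", "7.0.5", "6.4.9"],
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> tuple[int, int, int]:
    """Extract major.minor.patch from a version string.

    Tolerates a leading 'v' or trailing build suffix (e.g. 'v7.0.4-build0349');
    that format is an assumption about how the version may be reported, not
    something the advisory states.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no major.minor.patch version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version: str) -> bool:
    """True if `version` of `product` falls in an affected range from the advisory."""
    if product not in AFFECTED:
        raise ValueError(f"unknown product {product!r}")
    v = parse_version(version)
    branch = f"{v[0]}.{v[1]}"
    ranges = AFFECTED[product]
    if branch not in ranges:
        return False            # branch not listed (e.g. 7.2.x) is not in scope
    rng = ranges[branch]
    if rng is None:
        return True             # "all versions" branch
    lo, hi = rng
    return parse_version(lo) <= v <= parse_version(hi)


def recommended_fix(product: str, version: str) -> str | None:
    """Nearest fixed release for an affected version, or None if not affected.

    Prefers the fixed release in the same branch; a branch with no fix
    (6.2, 6.0) is pointed at the lowest fixed release above it (assumption).
    """
    if not is_affected(product, version):
        return None
    v = parse_version(version)
    fixes = sorted(FIXED[product], key=parse_version)
    same_branch = [f for f in fixes if parse_version(f)[:2] == v[:2]]
    if same_branch:
        return same_branch[0]
    higher = [f for f in fixes if parse_version(f) > v]
    return higher[0] if higher else None


if __name__ == "__main__":
    # Constructed sample inventory, not real device output.
    inventory = [
        ("FortiManager", "v7.0.4-build0349"),
        ("FortiAnalyzer", "6.4.9"),
        ("FortiManager", "6.2.11"),
        ("FortiAnalyzer", "7.2.0"),
    ]
    for product, ver in inventory:
        fix = recommended_fix(product, ver)
        status = f"AFFECTED -> upgrade to {fix} or above" if fix else "not affected"
        print(f"{product} {ver}: {status}")
```

Versions in branches the advisory does not list (7.2.x, anything older than 6.0) are reported as not affected by this advisory; that is a statement about the advisory's scope, not an assurance about those releases in general.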