Multiple reflected cross-site scripting vulnerabilities in portal UI

Multiple reflected cross-site scripting vulnerabilities in portal UI Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-273 Final 1 1 2023-02-16T00:00:00 Current version 2023-02-16T00:00:00 2023-02-16T00:00:00 Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiNAC portal UI may allow an attacker to perform an XSS attack via crafted HTTP requests. None Execute unauthorized code or commands FortiNAC version 9.4.0 through 9.4.1FortiNAC 9.2 all versionsFortiNAC 9.1 all versionsFortiNAC 8.8 all versionsFortiNAC 8.7 all versionsFortiNAC 8.6 all versionsFortiNAC 8.5 all versionsFortiNAC 8.3 all versionsFortiNAC 7.2 all versions are not affected Please upgrade to FortiNAC-F version 7.2.0 or abovePlease upgrade to FortiNAC version 9.4.2 or above Internally discovered and reported by Théo Leleu of Fortinet Product Security team. FortiNAC 9.4.1 FortiNAC 9.4.0 FortiNAC 9.2.8 FortiNAC 9.2.7 FortiNAC 9.2.6 FortiNAC 9.2.5 FortiNAC 9.2.4 FortiNAC 9.2.3 FortiNAC 9.2.2 FortiNAC 9.2.1 FortiNAC 9.2.0 FortiNAC 9.1.10 FortiNAC 9.1.9 FortiNAC 9.1.8 FortiNAC 9.1.7 FortiNAC 9.1.6 FortiNAC 9.1.5 FortiNAC 9.1.4 FortiNAC 9.1.3 FortiNAC 9.1.2 FortiNAC 9.1.1 FortiNAC 9.1.0 FortiNAC 8.8.11 FortiNAC 8.8.10 FortiNAC 8.8.9 FortiNAC 8.8.8 FortiNAC 8.8.7 FortiNAC 8.8.6 FortiNAC 8.8.5 FortiNAC 8.8.4 FortiNAC 8.8.3 FortiNAC 8.8.2 FortiNAC 8.8.1 FortiNAC 8.8.0 FortiNAC 8.7.6 FortiNAC 8.7.5 FortiNAC 8.7.4 FortiNAC 8.7.3 FortiNAC 8.7.2 FortiNAC 8.7.1 FortiNAC 8.7.0 FortiNAC 8.6.5 FortiNAC 8.6.4 FortiNAC 8.6.3 FortiNAC 8.6.2 FortiNAC 8.6.1 FortiNAC 8.6.0 FortiNAC 8.5.4 FortiNAC 8.5.3 FortiNAC 8.5.2 FortiNAC 8.5.1 FortiNAC 8.5.0 FortiNAC 8.3.7 Multiple reflected cross-site scripting vulnerabilities in portal UI CVE-2022-38376 FortiNAC-9.4.1 FortiNAC-9.4.0 FortiNAC-9.2.8 FortiNAC-9.2.7 FortiNAC-9.2.6 FortiNAC-9.2.5 FortiNAC-9.2.4 FortiNAC-9.2.3 FortiNAC-9.2.2 FortiNAC-9.2.1 FortiNAC-9.2.0 FortiNAC-9.1.10 FortiNAC-9.1.9 FortiNAC-9.1.8 FortiNAC-9.1.7 FortiNAC-9.1.6 FortiNAC-9.1.5 FortiNAC-9.1.4 FortiNAC-9.1.3 FortiNAC-9.1.2 FortiNAC-9.1.1 FortiNAC-9.1.0 FortiNAC-8.8.11 FortiNAC-8.8.10 FortiNAC-8.8.9 FortiNAC-8.8.8 FortiNAC-8.8.7 FortiNAC-8.8.6 FortiNAC-8.8.5 FortiNAC-8.8.4 FortiNAC-8.8.3 FortiNAC-8.8.2 FortiNAC-8.8.1 FortiNAC-8.8.0 FortiNAC-8.7.6 FortiNAC-8.7.5 FortiNAC-8.7.4 FortiNAC-8.7.3 FortiNAC-8.7.2 FortiNAC-8.7.1 FortiNAC-8.7.0 FortiNAC-8.6.5 FortiNAC-8.6.4 FortiNAC-8.6.3 FortiNAC-8.6.2 FortiNAC-8.6.1 FortiNAC-8.6.0 FortiNAC-8.5.4 FortiNAC-8.5.3 FortiNAC-8.5.2 FortiNAC-8.5.1 FortiNAC-8.5.0 FortiNAC-8.3.7 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-273 Multiple reflected cross-site scripting vulnerabilities in portal UI Reference>