Reflected XSS in the password reset page

Reflected XSS in the password reset page Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-275 Final 1 1 2023-04-11T00:00:00 Current version 2023-04-11T00:00:00 2023-04-11T00:00:00 An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page. None Execute unauthorized code or commands FortiAuthenticator 6.5 all versions are not affectedFortiAuthenticator version 6.4.0 through 6.4.6FortiAuthenticator version 6.3.0 through 6.3.3FortiAuthenticator 6.2 all versionsFortiAuthenticator 6.1 all versionsFortiAuthenticator 6.0 all versions are not affectedFortiAuthenticator 5.5 all versions are not affected Please upgrade to FortiAuthenticator version 6.5.0 or abovePlease upgrade to FortiAuthenticator version 6.4.7 or abovePlease upgrade to FortiAuthenticator version 6.3.4 or above Fortinet is pleased to thank Leandro Barragan from SwordBytes for reporting this vulnerability under responsible disclosure. FortiAuthenticator 6.4.6 FortiAuthenticator 6.4.5 FortiAuthenticator 6.4.4 FortiAuthenticator 6.4.3 FortiAuthenticator 6.4.2 FortiAuthenticator 6.4.1 FortiAuthenticator 6.4.0 FortiAuthenticator 6.3.3 FortiAuthenticator 6.3.2 FortiAuthenticator 6.3.1 FortiAuthenticator 6.3.0 FortiAuthenticator 6.2.2 FortiAuthenticator 6.2.1 FortiAuthenticator 6.2.0 FortiAuthenticator 6.1.3 FortiAuthenticator 6.1.2 FortiAuthenticator 6.1.1 FortiAuthenticator 6.1.0 Reflected XSS in the password reset page CVE-2022-35850 FortiAuthenticator-6.4.6 FortiAuthenticator-6.4.5 FortiAuthenticator-6.4.4 FortiAuthenticator-6.4.3 FortiAuthenticator-6.4.2 FortiAuthenticator-6.4.1 FortiAuthenticator-6.4.0 FortiAuthenticator-6.3.3 FortiAuthenticator-6.3.2 FortiAuthenticator-6.3.1 FortiAuthenticator-6.3.0 FortiAuthenticator-6.2.2 FortiAuthenticator-6.2.1 FortiAuthenticator-6.2.0 FortiAuthenticator-6.1.3 FortiAuthenticator-6.1.2 FortiAuthenticator-6.1.1 FortiAuthenticator-6.1.0 4.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:F/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-275 Reflected XSS in the password reset page Reference>