CVE-2022-35851

HIGH 8.0

CVSS Score

8.0

EPSS Score

0.0%

EPSS Percentile

0th

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC management interface 7.1.0 may allow a remote and authenticated attacker to trigger a stored cross site scripting (XSS) attack via configuring a specially crafted IP Address.

Vendor	fortinet
Product	fortinet fortiadc
Ecosystems	Networking
Industries	NetworkingSecurity
Published	Nov 2, 2022
Last Updated	Oct 25, 2024

Stay Ahead of the Next One

Get instant alerts for fortinet fortinet fortiadc

Be the first to know when new high vulnerabilities affecting fortinet fortinet fortiadc are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:U/RC:R

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected Versions

Fortinet / Fortinet FortiADC

FortiADC 7.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

fortiguard.com: https://fortiguard.com/psirt/FG-IR-22-314