CVE-2024-23111 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-23111

Analyzed

More Info Official Page

Source-psirt@fortinet.com

Published At-11 Jun, 2024 | 15:16

Updated At-23 Aug, 2024 | 02:47

An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Secondary	3.1	6.8	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CPE Matches

>>fortiproxy>>Versions from 7.0.0(inclusive) to 7.0.15(exclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortiproxy>>Versions from 7.2.0(inclusive) to 7.2.9(exclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortiproxy>>Versions from 7.4.0(inclusive) to 7.4.3(exclusive)

cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*

>>fortios>>Versions from 7.0.0(inclusive) to 7.0.14(exclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

>>fortios>>Versions from 7.2.0(inclusive) to 7.2.8(exclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

>>fortios>>Versions from 7.4.0(inclusive) to 7.4.4(exclusive)

cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	psirt@fortinet.com

References

Hyperlink	Source	Resource
https://fortiguard.fortinet.com/psirt/FG-IR-23-471	psirt@fortinet.com	Vendor Advisory