ID
VAR-202207-0173
CVE
CVE-2022-23438
TITLE
FortiOS Cross-site scripting vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2022-015425
DESCRIPTION
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. FortiOS Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Trust: 1.71
sources:
NVD: CVE-2022-23438 //
JVNDB: JVNDB-2022-015425 //
VULHUB: VHN-412573
AFFECTED PRODUCTS
| vendor: | fortinet | model: | fortios | scope: | lte | version: | 7.0.5 | Trust: 1.0 |
| vendor: | fortinet | model: | fortios | scope: | lte | version: | 6.4.9 | Trust: 1.0 |
| vendor: | fortinet | model: | fortios | scope: | gte | version: | 7.0.0 | Trust: 1.0 |
| vendor: | フォーティネット | model: | fortios | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | フォーティネット | model: | fortios | scope: | lte | version: | 7.0.5 and earlier | Trust: 0.8 |
| vendor: | フォーティネット | model: | fortios | scope: | lte | version: | 6.4.9 and earlier | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-015425 //
NVD: CVE-2022-23438
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
JVNDB: JVNDB-2022-015425 //
CNNVD: CNNVD-202207-377 //
NVD: CVE-2022-23438 //
NVD: CVE-2022-23438
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.1 |
| problemtype: | Cross-site scripting (CWE-79) [NVD evaluation ] | Trust: 0.8 |
sources:
VULHUB: VHN-412573 //
JVNDB: JVNDB-2022-015425 //
NVD: CVE-2022-23438
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202207-377
TYPE
XSS
Trust: 0.6
sources:
CNNVD: CNNVD-202207-377
PATCH
| title: | FG-IR-21-057 | url: | https://www.fortiguard.com/psirt/FG-IR-21-057 | Trust: 0.8 |
| title: | Fortinet FortiOS Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198708 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2022-015425 //
CNNVD: CNNVD-202207-377
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-23438 | Trust: 3.3 |
| db: | JVNDB | id: | JVNDB-2022-015425 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2022.3307 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2022070524 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202207-377 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-412573 | Trust: 0.1 |
sources:
VULHUB: VHN-412573 //
JVNDB: JVNDB-2022-015425 //
CNNVD: CNNVD-202207-377 //
NVD: CVE-2022-23438
REFERENCES
| url: | https://fortiguard.com/psirt/fg-ir-21-057 | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-23438 | Trust: 0.8 |
| url: | https://www.auscert.org.au/bulletins/esb-2022.3307 | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/fortinet-fortios-cross-site-scripting-via-captive-portal-38737 | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2022-23438/ | Trust: 0.6 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2022070524 | Trust: 0.6 |
sources:
VULHUB: VHN-412573 //
JVNDB: JVNDB-2022-015425 //
CNNVD: CNNVD-202207-377 //
NVD: CVE-2022-23438
SOURCES
| db: | VULHUB | id: | VHN-412573 |
| db: | JVNDB | id: | JVNDB-2022-015425 |
| db: | CNNVD | id: | CNNVD-202207-377 |
| db: | NVD | id: | CVE-2022-23438 |
LAST UPDATE DATE
2024-08-14T15:32:40.714000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-412573 | date: | 2022-07-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-015425 | date: | 2023-09-27T00:57:00 |
| db: | CNNVD | id: | CNNVD-202207-377 | date: | 2022-07-26T00:00:00 |
| db: | NVD | id: | CVE-2022-23438 | date: | 2022-07-25T14:29:49.487 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-412573 | date: | 2022-07-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-015425 | date: | 2023-09-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-202207-377 | date: | 2022-07-05T00:00:00 |
| db: | NVD | id: | CVE-2022-23438 | date: | 2022-07-18T18:15:08.963 |