ID
VAR-202302-1564
CVE
CVE-2022-41334
TITLE
fortinet's FortiOS Cross-site scripting vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2022-019904
DESCRIPTION
An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with FortiCloud" button is clicked. fortinet's FortiOS Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
Trust: 1.8
sources:
NVD: CVE-2022-41334 //
JVNDB: JVNDB-2022-019904 //
VULHUB: VHN-437472 //
VULMON: CVE-2022-41334
AFFECTED PRODUCTS
| vendor: | fortinet | model: | fortios | scope: | gte | version: | 7.2.0 | Trust: 1.0 |
| vendor: | fortinet | model: | fortios | scope: | lte | version: | 7.0.7 | Trust: 1.0 |
| vendor: | fortinet | model: | fortios | scope: | lte | version: | 7.2.3 | Trust: 1.0 |
| vendor: | fortinet | model: | fortios | scope: | gte | version: | 7.0.0 | Trust: 1.0 |
| vendor: | フォーティネット | model: | fortios | scope: | eq | version: | 7.2.0 to 7.2.3 | Trust: 0.8 |
| vendor: | フォーティネット | model: | fortios | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | フォーティネット | model: | fortios | scope: | eq | version: | 7.0.0 to 7.0.7 | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-019904 //
NVD: CVE-2022-41334
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
JVNDB: JVNDB-2022-019904 //
CNNVD: CNNVD-202302-1429 //
NVD: CVE-2022-41334 //
NVD: CVE-2022-41334
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.1 |
| problemtype: | Cross-site scripting (CWE-79) [NVD evaluation ] | Trust: 0.8 |
sources:
VULHUB: VHN-437472 //
JVNDB: JVNDB-2022-019904 //
NVD: CVE-2022-41334
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202302-1429
TYPE
XSS
Trust: 0.6
sources:
CNNVD: CNNVD-202302-1429
PATCH
| title: | FG-IR-22-224 | url: | https://www.fortiguard.com/psirt/FG-IR-22-224 | Trust: 0.8 |
| title: | Fortinet FortiOS Fixes for cross-site scripting vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqById.tag?id=226971 | Trust: 0.6 |
sources:
JVNDB: JVNDB-2022-019904 //
CNNVD: CNNVD-202302-1429
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-41334 | Trust: 3.4 |
| db: | JVN | id: | JVNVU93656033 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-24-074-11 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2022-019904 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202302-1429 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-437472 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2022-41334 | Trust: 0.1 |
sources:
VULHUB: VHN-437472 //
VULMON: CVE-2022-41334 //
JVNDB: JVNDB-2022-019904 //
CNNVD: CNNVD-202302-1429 //
NVD: CVE-2022-41334
REFERENCES
| url: | https://fortiguard.com/psirt/fg-ir-22-224 | Trust: 1.8 |
| url: | https://jvn.jp/vu/jvnvu93656033/index.html | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-41334 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-11 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-41334/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
VULHUB: VHN-437472 //
VULMON: CVE-2022-41334 //
JVNDB: JVNDB-2022-019904 //
CNNVD: CNNVD-202302-1429 //
NVD: CVE-2022-41334
SOURCES
| db: | VULHUB | id: | VHN-437472 |
| db: | VULMON | id: | CVE-2022-41334 |
| db: | JVNDB | id: | JVNDB-2022-019904 |
| db: | CNNVD | id: | CNNVD-202302-1429 |
| db: | NVD | id: | CVE-2022-41334 |
LAST UPDATE DATE
2024-08-14T12:13:51.438000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-437472 | date: | 2023-02-27T00:00:00 |
| db: | VULMON | id: | CVE-2022-41334 | date: | 2023-02-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-019904 | date: | 2024-03-22T07:18:00 |
| db: | CNNVD | id: | CNNVD-202302-1429 | date: | 2023-02-28T00:00:00 |
| db: | NVD | id: | CVE-2022-41334 | date: | 2023-11-07T03:52:47.903 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-437472 | date: | 2023-02-16T00:00:00 |
| db: | VULMON | id: | CVE-2022-41334 | date: | 2023-02-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-019904 | date: | 2023-10-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-202302-1429 | date: | 2023-02-16T00:00:00 |
| db: | NVD | id: | CVE-2022-41334 | date: | 2023-02-16T19:15:13.443 |