Security Advisory

CVE-2022-39950

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-11-02 00:00:00

Last updated 2024-10-25 13:17:01

Assigner fortinet

State PUBLISHED

Description

An improper neutralization of input during web page generation vulnerability [CWE-79] exists in FortiManager and FortiAnalyzer 6.0.0 all versions, 6.2.0 all versions, 6.4.0 through 6.4.8, and 7.0.0 through 7.0.4. Report templates may allow a low privilege level attacker to perform an XSS attack via posting a crafted CKeditor "protected" comment as described in CVE-2020-9281.

← Browse all CVEs View on cve.org ↗