CVE-2022-41334

Name of the Vulnerable Software and Affected Versions FortiOS versions 7.0.0 through 7.0.7 FortiOS versions 7.2.0 through 7.2.3

Description The issue is related to an improper neutralization of input during web page generation, which may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack. This attack can be launched via the redir parameter of the URL seen when the "Sign in with FortiCloud" button is clicked.

Recommendations For FortiOS versions 7.0.0 through 7.0.7, update to a version outside of this range to mitigate the risk. For FortiOS versions 7.2.0 through 7.2.3, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the "Sign in with FortiCloud" button to minimize the risk of exploitation. Avoid using the redir parameter in the affected URL until the issue is resolved.