CVE-2022-22304

Name of the Vulnerable Software and Affected Versions FortiAuthenticator OWA Agent for Microsoft versions 2.1 through 2.2

Description The issue is related to an improper neutralization of input during web page generation, which may allow an unauthenticated attacker to perform a cross-site scripting (XSS) attack via crafted HTTP GET requests. This could potentially be exploited by sending malicious requests to vulnerable endpoints.

Recommendations For versions 2.1 and 2.2, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.