PT-2022-5804 · Fortinet · Fortiadc

Published: 2022-11-01 · Updated: 2022-11-03 · CVE-2022-35851

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FortiADC management interface version 7.1.0

Description

The issue is an improper neutralization of input during web page generation, which may allow a remote, authenticated attacker to trigger a stored cross-site scripting (XSS) attack. This can be achieved by configuring a specially crafted IP address. The vulnerability exists because the structure of the web page is not protected while the page is being created.

Recommendations

For FortiADC management interface version 7.1.0, consider restricting access to the management interface to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using specially crafted IP addresses in the management interface. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-07207
CVE-2022-35851

Affected Products

Fortiadc