PT-2022-6108 · Fortinet · FortiOS

Published: 2022-12-06 · Updated: 2022-12-07 · CVE-2022-40680

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Fortinet FortiOS versions 6.0.7 through 6.0.15
Fortinet FortiOS versions 6.2.2 through 6.2.12
Fortinet FortiOS versions 6.4.0 through 6.4.9
Fortinet FortiOS versions 7.0.0 through 7.0.3
Description
The issue is an improper neutralization of input during web page generation, which can be exploited for cross-site scripting (XSS). A privileged attacker can store a malicious payload in replacement messages; because the stored message is later rendered into a generated web page without being neutralized, the attacker can execute unauthorized code or commands (a stored XSS attack).
Recommendations
Update to a version outside of the affected range to mitigate the risk:
For Fortinet FortiOS versions 6.0.7 through 6.0.15, update to a version outside of this range.
For Fortinet FortiOS versions 6.2.2 through 6.2.12, update to a version outside of this range.
For Fortinet FortiOS versions 6.4.0 through 6.4.9, update to a version outside of this range.
For Fortinet FortiOS versions 7.0.0 through 7.0.3, update to a version outside of this range.
As a temporary workaround, consider restricting access to replacement messages to minimize the risk of exploitation.

Fix
XSS

Weakness Enumeration

Related Identifiers
BDU:2023-00048
CVE-2022-40680

Affected Products
FortiOS