CVE-2022-43955

Name of the Vulnerable Software and Affected Versions FortiWeb versions 7.0.0 through 7.0.3 FortiWeb versions 6.3.0 through 6.3.21 FortiWeb versions 6.4 and earlier FortiWeb versions 6.2 and earlier FortiWeb versions 6.1 and earlier FortiWeb versions 6.0 and earlier

Description An improper neutralization of input during web page generation in the FortiWeb web interface may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report.

Recommendations For FortiWeb versions 7.0.0 through 7.0.3, update to a version outside of this range to mitigate the risk. For FortiWeb versions 6.3.0 through 6.3.21, update to a version outside of this range to mitigate the risk. For FortiWeb versions 6.4 and earlier, update to a version later than 6.4 to mitigate the risk. For FortiWeb versions 6.2 and earlier, update to a version later than 6.2 to mitigate the risk. For FortiWeb versions 6.1 and earlier, update to a version later than 6.1 to mitigate the risk. For FortiWeb versions 6.0 and earlier, update to a version later than 6.0 to mitigate the risk.