PT-2023-1499 · Fortinet · Fortinac

Published: 2023-02-16 · Updated: 2023-02-27 · CVE-2023-22638

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

FortiNAC versions 9.4.1 and below
FortiNAC versions 9.2.6 and below
FortiNAC versions 9.1.8 and below
FortiNAC versions 8.8.11 and below
FortiNAC versions 8.7.6 and below
FortiNAC versions 8.6.5 and below
FortiNAC versions 8.5.4 and below
FortiNAC versions 8.3.7 and below

Description

The issue is a failure to protect the web page structure. It allows a remote, authenticated attacker to perform several cross-site scripting (XSS) attacks by sending specially crafted HTTP GET requests.

Recommendations

For FortiNAC versions 9.4.1 and below, update to a version above 9.4.1 to resolve the issue.
For FortiNAC versions 9.2.6 and below, update to a version above 9.2.6 to resolve the issue.
For FortiNAC versions 9.1.8 and below, update to a version above 9.1.8 to resolve the issue.
For FortiNAC versions 8.8.11 and below, update to a version above 8.8.11 to resolve the issue.
For FortiNAC versions 8.7.6 and below, update to a version above 8.7.6 to resolve the issue.
For FortiNAC versions 8.6.5 and below, update to a version above 8.6.5 to resolve the issue.
For FortiNAC versions 8.5.4 and below, update to a version above 8.5.4 to resolve the issue.
For FortiNAC versions 8.3.7 and below, update to a version above 8.3.7 to resolve the issue.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-00921
CVE-2023-22638

Affected Products

Fortinac