PT-2023-2440 · Fortinet · FortiADC

Published 2023-04-11 · Updated 2023-04-18 · CVE-2022-43952

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions

FortiADC versions 7.1.1 and below
FortiADC versions 7.0.3 and below
FortiADC versions 6.2.5 and below
Description

The web interface of the affected FortiADC versions does not properly neutralize user-controlled input during web page generation. A remote attacker who holds valid credentials (the CVSS vector requires single authentication, Au:S) can send specially crafted HTTP requests so that attacker-supplied script is embedded in a generated page and executes in the browser of a user who views it, i.e. a cross-site scripting (XSS) attack. Per the vector, successful exploitation partially affects confidentiality and integrity (C:P/I:P) and does not affect availability (A:N).
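The weakness class behind this advisory, improper neutralization of input during web page generation, is shown below as an added example that is not code from FortiADC or from this page: a render function that interpolates untrusted input into HTML unchanged, next to a hardened version that HTML-encodes it first. The sample input is constructed for illustration; the advisory publishes no payload, and the function names are hypothetical.

```python
import html

# Constructed sample: an attacker-controlled value as it might arrive in a
# crafted HTTP request (e.g. a query parameter). Illustrative only; the
# advisory does not publish a payload for CVE-2022-43952.
SAMPLE_INPUT = '"><script>alert(document.cookie)</script>'


def render_vulnerable(name: str) -> str:
    """Vulnerable pattern: untrusted input is placed into HTML as-is, so the
    markup in the input becomes part of the generated page."""
    return f'<div class="greeting">Hello, {name}</div>'


def render_hardened(name: str) -> str:
    """Hardened pattern: HTML-encode before interpolation. quote=True also
    encodes " and ', which matters when the same value lands inside an
    attribute rather than an element body."""
    return f'<div class="greeting">Hello, {html.escape(name, quote=True)}</div>'


def render_attr_hardened(name: str) -> str:
    """Same input in an attribute context: encoding the quote character is
    what prevents the attacker from closing the attribute and starting a tag."""
    return f'<input type="text" value="{html.escape(name, quote=True)}">'


def contains_script_element(markup: str) -> bool:
    """Crude check: does a literal <script ...> tag survive in the output?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(SAMPLE_INPUT))
    print("hardened:  ", render_hardened(SAMPLE_INPUT))
    print("attribute: ", render_attr_hardened(SAMPLE_INPUT))
```

Encoding at the point of output, using the escaping rules of the context the value is written into, is the general fix for this weakness class; input validation alone does not replace it.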
Recommendations

Update FortiADC to a fixed release for the branch in use: above 7.1.1 for the 7.1 branch, above 7.0.3 for the 7.0 branch, and above 6.2.5 for the 6.2 branch. As a temporary mitigation until the upgrade is applied, restrict access to the FortiADC web interface to trusted administrative networks and review which accounts hold credentials for it; because the CVSS vector requires authentication (Au:S), reducing the set of users who can reach the interface reduces exposure. This mitigation does not remove the vulnerability.
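The per-branch ranges above are easy to misread when triaging an inventory (a 7.0.3 box is affected even though 7.0.3 is "below" 7.1.1, and a 7.1.0 box is not fixed by being "above" 7.0.3). The following is an added example, not a tool from Fortinet or from this page, that encodes the three ranges as stated in the advisory and classifies version strings. It assumes versions in plain major.minor.patch form (FortiADC build suffixes are not handled); branches newer than any listed branch are treated as not affected because they are not "7.1.1 and below", and older unlisted branches are reported as unlisted rather than guessed at. The inventory at the bottom is constructed.

```python
import re
from typing import Optional, Tuple

# Affected ceilings per branch, exactly as the advisory states them: each
# branch is affected up to and including the listed patch level.
AFFECTED_CEILINGS = {
    (7, 1): (7, 1, 1),
    (7, 0): (7, 0, 3),
    (6, 2): (6, 2, 5),
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch' (optional leading 'v'). Assumption: no build
    suffixes; anything else is rejected rather than silently misclassified."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> Optional[bool]:
    """True  -> within an affected range listed in the advisory
    False -> in a listed branch above its ceiling, or in a newer branch
    None  -> older branch the advisory does not enumerate; confirm with the
             vendor advisory instead of assuming either way."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    ceiling = AFFECTED_CEILINGS.get(branch)
    if ceiling is not None:
        return (major, minor, patch) <= ceiling
    if branch > max(AFFECTED_CEILINGS):
        return False  # e.g. 7.2.x: not "7.1.1 and below"
    return None  # e.g. 6.1.x: not covered by the advisory text


def triage(versions):
    """Bucket an inventory of version strings by verdict."""
    report = {"affected": [], "fixed": [], "unlisted": []}
    for v in versions:
        verdict = is_affected(v)
        if verdict is True:
            report["affected"].append(v)
        elif verdict is False:
            report["fixed"].append(v)
        else:
            report["unlisted"].append(v)
    return report


if __name__ == "__main__":
    # Constructed inventory for demonstration; not real hosts.
    inventory = ["7.1.1", "7.1.2", "7.0.3", "7.0.4", "6.2.5", "6.2.6", "7.2.0", "6.1.3"]
    for bucket, items in triage(inventory).items():
        print(f"{bucket:9s} {items}")
```

The "unlisted" bucket is deliberate: an older branch that the advisory does not mention is not evidence that it is safe, and is typically a sign the branch is out of support.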

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-02225
CVE-2022-43952

Affected Products

FortiADC