Skip to content

CVE-2023-29183 | FortiProxy,FortiOS

An improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting..This CVE has a CVSS3.1 score of 7.3 and a Base Severity of HIGH.

InfoDetails
CVE IDCVE-2023-29183
CVE StatePUBLISHED
BaseScore7.3
BaseSeverityHIGH
VectorStringCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
VersionNA

References for CVE-2023-29183 :
https://fortiguard.com/psirt/FG-IR-23-106

Metric TypeMetric Score
AttackVector(AV)NETWORK
AttackComplexity(AC)LOW
PrivilegesRequired(PR)LOW
UserInteraction(UI)REQUIRED
Scope(S)UNCHANGED
Confidentiality(C)HIGH
Availability(A)HIGH
Integrity(I)HIGH
Tags: