CVE-2022-30304

Published Feb 16, 2023

Last updated a year ago

CVSS medium 6.1

Overview

Description: An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAnalyzer versions prior to 7.2.1, 7.0.4 and 6.4.8 may allow a remote unauthenticated attacker to perform a stored cross site scripting (XSS) attack via the URL parameter observed in the FortiWeb attack event logview in FortiAnalyzer.
Source: psirt@fortinet.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-79
psirt@fortinet.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54813EA4-11C3-430F-82AC-CBD542966E7C",
            "versionEndIncluding": "6.0.11",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "111C793F-C2E0-4042-A269-D40E1815A672",
            "versionEndIncluding": "6.2.9",
            "versionStartIncluding": "6.2.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF6AC4C4-1EBB-4334-AF02-B71F56590C1C",
            "versionEndExcluding": "6.4.9",
            "versionStartIncluding": "6.4.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "930919B2-1DF9-4216-8245-8C0F3F137C45",
            "versionEndExcluding": "7.0.5",
            "versionStartIncluding": "7.0.0"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "319D2F9D-E1E5-49C7-8ABD-0A64D7B05D58"
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDD88F7C-8136-4CFF-AF1E-9AE928878C7F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References