Request a Demo
Rewterz
Rewterz Threat Advisory – CVE-2022-45857 – Fortinet FortiManager Vulnerability
January 6, 2023
Rewterz
Rewterz Threat Advisory –CVE-2022-25926 – Node.js window-control module Vulnerability
January 6, 2023

Rewterz Threat Advisory –CVE-2022-41336 – Fortinet FortiPortal Vulnerability

Severity

Medium

Analysis Summary

CVE-2022-41336 

Fortinet FortiPortal is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the columnindex parameter. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

  • Cross-Site Scripting

Indicators Of Compromise

CVE

  • CVE-2022-41336

Affected Vendors

Fortinet

Affected Products

  • Fortinet FortiManager 6.2.0
  • Fortinet FortiManager 7.0.0
  • Fortinet FortiManager 6.4.0
  • Fortinet FortiManager 7.0.1
  • Fortinet FortiManager 6.4.7
  • Fortinet FortiManager 6.2.8

Remediation

Refer to Fortinet Security Advisory for patch, upgrade or suggested workaround information.

Fortinet Security Advisory