CVE-2022-22304

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-22304
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiAuthenticator OWA Agent for Microsoft version 2.2 and 2.1 may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://fortiguard.com/psirt/FG-IR-22-021 Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortiauthenticator_agent_for_microsoft_outlook_web_access:2.2:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortiauthenticator_agent_for_microsoft_outlook_web_access:2.1:*:*:*:*:*:*:*
Information

Published : 2022-07-18 10:15

Updated : 2022-07-24 20:22

NVD link : CVE-2022-22304

Mitre link : CVE-2022-22304

JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa
Products Affected

fortinet

  • fortiauthenticator_agent_for_microsoft_outlook_web_access