nvd-json-data-feeds/CVE-2022/CVE-2022-413xx/CVE-2022-41336.json

{
  "id": "CVE-2022-41336",
  "sourceIdentifier": "psirt@fortinet.com",
  "published": "2023-01-03T17:15:10.463",
  "lastModified": "2024-11-21T07:23:04.760",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiPortal versions 6.0.0 through 6.0.11 and all versions of 5.3, 5.2, 5.1, 5.0 management interface may allow a remote authenticated attacker to perform a stored cross site scripting (XSS) attack via sending request with specially crafted columnindex parameter."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web [CWE-79] en las versiones 6.0.0 a 6.0.11 de FortiPortal y todas las versiones de la interfaz de administraci\u00f3n 5.3, 5.2, 5.1, 5.0 puede permitir que un atacante autenticado remoto realice un ataque de cross site scripting (XSS) almacenado mediante el env\u00edo de una solicitud con un par\u00e1metro columnindex especialmente manipulado."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "psirt@fortinet.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "psirt@fortinet.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    },
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.0.0",
              "versionEndIncluding": "5.0.3",
              "matchCriteriaId": "4AE4255A-A854-4A11-8860-A558E1D77F30"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.1.0",
              "versionEndIncluding": "5.1.2",
              "matchCriteriaId": "6F09B0F2-D95C-478B-9AA2-CCE1D2D1E497"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.2.0",
              "versionEndIncluding": "5.2.6",
              "matchCriteriaId": "51CAE1B0-E321-462F-B503-2C13AEF3DAAD"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "5.3.0",
              "versionEndIncluding": "5.3.8",
              "matchCriteriaId": "44C143C2-D850-4768-94D0-55615D670A47"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "6.0.0",
              "versionEndIncluding": "6.0.11",
              "matchCriteriaId": "D8E37923-3D72-421C-8974-E11E5463CFF9"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://fortiguard.com/psirt/FG-IR-22-313",
      "source": "psirt@fortinet.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://fortiguard.com/psirt/FG-IR-22-313",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}