Saturday, February 22, 2025
Follow us On Linkedin
HomeCyber Security NewsFortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code

Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code

Cyber Security NewsTHREATSVulnerability

Published on

By Eswar
Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

Fortinet FortiOS has been discovered with Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities, which threat actors can use for malicious purposes.

These vulnerabilities have been given the CVE IDs CVE-2023-29183 and CVE-2023-34984. The severity of these vulnerabilities has been categorized as CVE-2023-29183 – 5.4 (Medium) and CVE-2023-34984 – 8.8 (High) by NVD.

Document
Get a Demo

Start protecting your SaaS data in just a few minutes!

With DoControl, you can keep your SaaS applications and data safe and secure by creating workflows tailored to your needs. It’s an easy and efficient way to identify and manage risks. You can mitigate the risk and exposure of your organization’s SaaS applications in just a few simple steps.

Cross-Site Scripting (XSS): CVE-2023-29183

This vulnerability exists due to improper input neutralization during web page generation, which could allow an authenticated attacker to execute a malicious JavaScript code through a crafted guest management setting.

Fortinet has given the severity for this vulnerability as 7.3 (High). 

Affected Products and fixed in version

ProductAffected VersionFixed in Version
FortiProxy7.2.0 through 7.2.47.0.0 through 7.0.107.2.5 or above7.0.11 or above
FortiOS7.2.0 through 7.2.4,7.0.0 through 7.0.11,6.4.0 through 6.4.12,6.2.0 through 6.2.147.4.0 or above7.2.5 or above7.0.12 or above6.4.13 or above6.2.15 or above

Cross-Site Request Forgery (CSRF): CVE-2023-34984

This vulnerability exists due to a failure in the protection mechanism in FortiWeb, which could allow a threat actor to bypass CSRF and XSS protections. The severity for this vulnerability has been given as 8.8 (High).

Two security advisories have been published by Fortiguard, which provide detailed information regarding the component affected and other information.

Affected Products and fixed in version

ProductAffected VersionFixed in Version
FortiWeb7.2.0 through 7.2.17.0.0 through 7.0.66.4 all versions6.3 all versions7.2.2 or above7.0.7 or above

Users of these products are recommended to upgrade to the latest versions of these products to prevent these vulnerabilities from getting exploited by threat actors.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

cyber security

SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix

In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer...
cyber security

Sitevision Auto-Generated Password Vulnerability Lets Hackers Steal Signing Key

A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing...
Cyber Attack

NSA Allegedly Hacked Northwestern Polytechnical University, China Claims

Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a...
cyber security

ACRStealer Malware Abuses Google Docs as C2 to Steal Login Credentials

The ACRStealer malware, an infostealer disguised as illegal software such as cracks and keygens,...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

cyber security

SPAWNCHIMERA Malware Exploits Ivanti Buffer Overflow Vulnerability by Applying a Critical Fix

In a recent development, the SPAWNCHIMERA malware family has been identified exploiting the buffer...
cyber security

Sitevision Auto-Generated Password Vulnerability Lets Hackers Steal Signing Key

A significant vulnerability in Sitevision CMS, versions 10.3.1 and earlier, has been identified, allowing...
Cyber Attack

NSA Allegedly Hacked Northwestern Polytechnical University, China Claims

Chinese cybersecurity entities have accused the U.S. National Security Agency (NSA) of orchestrating a...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved