Fortinet FortiOS has been discovered with Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerabilities, which threat actors can use for malicious purposes.
These vulnerabilities have been given the CVE IDs CVE-2023-29183 and CVE-2023-34984. The severity of these vulnerabilities has been categorized as CVE-2023-29183 – 5.4 (Medium) and CVE-2023-34984 – 8.8 (High) by NVD.
With DoControl, you can keep your SaaS applications and data safe and secure by creating workflows tailored to your needs. It’s an easy and efficient way to identify and manage risks. You can mitigate the risk and exposure of your organization’s SaaS applications in just a few simple steps.
This vulnerability exists due to improper input neutralization during web page generation, which could allow an authenticated attacker to execute a malicious JavaScript code through a crafted guest management setting.
Fortinet has given the severity for this vulnerability as 7.3 (High).
Affected Products and fixed in version
| Product | Affected Version | Fixed in Version |
| FortiProxy | 7.2.0 through 7.2.47.0.0 through 7.0.10 | 7.2.5 or above7.0.11 or above |
| FortiOS | 7.2.0 through 7.2.4,7.0.0 through 7.0.11,6.4.0 through 6.4.12,6.2.0 through 6.2.14 | 7.4.0 or above7.2.5 or above7.0.12 or above6.4.13 or above6.2.15 or above |
This vulnerability exists due to a failure in the protection mechanism in FortiWeb, which could allow a threat actor to bypass CSRF and XSS protections. The severity for this vulnerability has been given as 8.8 (High).
Two security advisories have been published by Fortiguard, which provide detailed information regarding the component affected and other information.
Affected Products and fixed in version
| Product | Affected Version | Fixed in Version |
| FortiWeb | 7.2.0 through 7.2.17.0.0 through 7.0.66.4 all versions6.3 all versions | 7.2.2 or above7.0.7 or above |
Users of these products are recommended to upgrade to the latest versions of these products to prevent these vulnerabilities from getting exploited by threat actors.
Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.
A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID…
The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google…
Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by…
Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers,…
Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for…
A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security…
%20(1).webp?w=1600&resize=1600,900&ssl=1)
%20(1).webp?w=1600&resize=1600,900&ssl=1)