CVE-2024-31495 — Vulnetix

CVE-2024-31495 PUBLISHED CVSS 6.199999809265137 MEDIUM

An improper neutralization of input during web page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged attacker with super-admin access to execute JavaScript code via crafted HTTP GET requests.

EPSS 0.27% · 50.7th percentile

Risk Scores

CVSS 3.1

6.199999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R

EPSS Score

0.27%

50.7th percentile

Affected Products

Vendor	Product	Versions
Fortinet	FortiOS	7.4.0, 7.0.0, 7.2.0
Fortinet	FortiProxy	7.0.0, 7.2.0, 7.4.0
fortinet	fortiproxy	2.0.0, 7.4.0, 7.2.0
fortinet	fortios	7.4.0, 7.2.0, 7.0.0

Exploit Intelligence

https://fortiguard.fortinet.com/psirt/FG-IR-23-471 (circl)

Timeline

Jun 11, 2024 CVE Published
Jun 12, 2024 EPSS Score
Jul 5, 2024 EPSS Score
Jul 28, 2024 EPSS Score
Aug 2, 2024 CVE Updated
Aug 20, 2024 EPSS Score
Sep 12, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 5, 2024 EPSS Score
Oct 28, 2024 EPSS Score
Nov 20, 2024 EPSS Score
Dec 14, 2024 EPSS Score

References

https://www.fortiguard.com/psirt/FG-IR-23-495 advisory
https://www.fortiguard.com/psirt/FG-IR-24-170 advisory
https://www.fortiguard.com/psirt/FG-IR-24-036 advisory
https://www.fortiguard.com/psirt/FG-IR-23-471 advisory
https://www.fortiguard.com/psirt/FG-IR-24-128 advisory
https://www.fortiguard.com/psirt/FG-IR-23-460 advisory
https://www.fortiguard.com/psirt/FG-IR-23-423 advisory
https://www.fortiguard.com/psirt/FG-IR-23-356 advisory
https://fortiguard.fortinet.com/psirt/FG-IR-23-471 url

Open in Interactive Console →