CVE-2021-32602
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2 and below, 4.1.2 and below, 4.0.4 and below may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE value.
Una vulnerabilidad de neutralización inapropiada de entrada durante la generación de la página web (CWE-79) en la GUI de FortiPortal versiones 6.0.4 y por debajo, 5.3.6 y por debajo, 5.2.6 y por debajo, 5.1.2 y por debajo, 5.0.3 y por debajo, 4.2.2 y por debajo, 4.1.2 y por debajo, 4.0. 4 y por debajo, pueden permitir a un atacante no autenticado y remoto llevar a cabo un ataque de tipo XSS por medio de enviar una petición diseñada con un parámetro lang inválido o con un valor org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE inválido.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2021-05-11 CVE Reserved
- 2021-08-18 CVE Published
- 2024-05-03 EPSS Updated
- 2024-10-25 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://fortiguard.com/advisory/FG-IR-20-066 | 2021-08-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fortinet Search vendor "Fortinet" | Fortiportal Search vendor "Fortinet" for product "Fortiportal" | >= 4.0.0 <= 4.0.4 Search vendor "Fortinet" for product "Fortiportal" and version " >= 4.0.0 <= 4.0.4" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortiportal Search vendor "Fortinet" for product "Fortiportal" | >= 4.1.0 <= 4.1.2 Search vendor "Fortinet" for product "Fortiportal" and version " >= 4.1.0 <= 4.1.2" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortiportal Search vendor "Fortinet" for product "Fortiportal" | >= 4.2.0 <= 4.2.2 Search vendor "Fortinet" for product "Fortiportal" and version " >= 4.2.0 <= 4.2.2" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortiportal Search vendor "Fortinet" for product "Fortiportal" | >= 5.0.0 <= 5.0.3 Search vendor "Fortinet" for product "Fortiportal" and version " >= 5.0.0 <= 5.0.3" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortiportal Search vendor "Fortinet" for product "Fortiportal" | >= 5.1.0 <= 5.1.2 Search vendor "Fortinet" for product "Fortiportal" and version " >= 5.1.0 <= 5.1.2" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortiportal Search vendor "Fortinet" for product "Fortiportal" | >= 5.2.0 <= 5.2.6 Search vendor "Fortinet" for product "Fortiportal" and version " >= 5.2.0 <= 5.2.6" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortiportal Search vendor "Fortinet" for product "Fortiportal" | >= 5.3.0 <= 5.3.6 Search vendor "Fortinet" for product "Fortiportal" and version " >= 5.3.0 <= 5.3.6" | - |
Affected
| ||||||
| Fortinet Search vendor "Fortinet" | Fortiportal Search vendor "Fortinet" for product "Fortiportal" | >= 6.0.0 <= 6.0.4 Search vendor "Fortinet" for product "Fortiportal" and version " >= 6.0.0 <= 6.0.4" | - |
Affected
| ||||||