{"containers":{"cna":{"affected":[{"product":"Fortinet FortiProxy","vendor":"Fortinet","versions":[{"status":"affected","version":"FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0."}]}],"descriptions":[{"lang":"en","value":"An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","exploitCodeMaturity":"NOT_DEFINED","integrityImpact":"LOW","privilegesRequired":"NONE","remediationLevel":"WORKAROUND","reportConfidence":"NOT_DEFINED","scope":"CHANGED","temporalScore":6,"temporalSeverity":"MEDIUM","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:W/RC:X","version":"3.1"}}],"problemTypes":[{"descriptions":[{"description":"Unauthorized code execution","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2022-05-11T14:30:18.000Z","orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://fortiguard.com/psirt/FG-IR-21-230"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@fortinet.com","ID":"CVE-2021-43081","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Fortinet FortiProxy","version":{"version_data":[{"version_value":"FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0."}]}}]},"vendor_name":"Fortinet"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests."}]},"impact":{"cvss":{"attackComplexity":"Low","attackVector":"Network","availabilityImpact":"None","baseScore":6,"baseSeverity":"Medium","confidentialityImpact":"Low","integrityImpact":"Low","privilegesRequired":"None","scope":"Changed","userInteraction":"Required","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:X/RL:W/RC:X","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Unauthorized code execution"}]}]},"references":{"reference_data":[{"name":"https://fortiguard.com/psirt/FG-IR-21-230","refsource":"CONFIRM","url":"https://fortiguard.com/psirt/FG-IR-21-230"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T03:47:13.630Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://fortiguard.com/psirt/FG-IR-21-230"}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-22T20:19:32.002056Z","id":"CVE-2021-43081","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T20:57:08.663Z"}}]},"cveMetadata":{"assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","assignerShortName":"fortinet","cveId":"CVE-2021-43081","datePublished":"2022-05-11T14:30:18.000Z","dateReserved":"2021-10-28T00:00:00.000Z","dateUpdated":"2024-10-22T20:57:08.663Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}