{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2022-35850","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2022-07-13T20:38:49.334Z","datePublished":"2023-04-11T16:07:22.760Z","dateUpdated":"2024-10-22T20:46:56.508Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiAuthenticator","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.4","status":"affected"},{"versionType":"semver","version":"6.3.0","lessThanOrEqual":"6.3.3","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.2","status":"affected"},{"versionType":"semver","version":"6.1.0","lessThanOrEqual":"6.1.3","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the \"reset-password\" page."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-04-11T16:07:22.760Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-80","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.2,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:F/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiAuthenticator version 6.5.0 or above Please upgrade to FortiAuthenticator version 6.4.7 or above Please upgrade to FortiAuthenticator version 6.4.5 or above Please upgrade to FortiAuthenticator version 6.3.4 or above "}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-275","url":"https://fortiguard.com/psirt/FG-IR-22-275"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T09:44:22.012Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-22-275","url":"https://fortiguard.com/psirt/FG-IR-22-275","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-22T20:18:11.120911Z","id":"CVE-2022-35850","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-22T20:46:56.508Z"}}]}}