{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2023-29183","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2023-04-03T08:47:30.452Z","datePublished":"2023-09-13T12:29:55.625Z","dateUpdated":"2025-12-16T18:23:26.796Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiProxy","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.4","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.10","status":"affected"}]},{"vendor":"Fortinet","product":"FortiOS","defaultStatus":"unaffected","versions":[{"versionType":"semver","version":"7.2.0","lessThanOrEqual":"7.2.4","status":"affected"},{"versionType":"semver","version":"7.0.0","lessThanOrEqual":"7.0.11","status":"affected"},{"versionType":"semver","version":"6.4.0","lessThanOrEqual":"6.4.12","status":"affected"},{"versionType":"semver","version":"6.2.0","lessThanOrEqual":"6.2.14","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2023-09-13T12:29:55.625Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-79","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.3,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R"}}],"solutions":[{"lang":"en","value":"Please upgrade to FortiProxy version 7.2.5 or above Please upgrade to FortiProxy version 7.0.11 or above Please upgrade to FortiOS version 7.4.0 or above Please upgrade to FortiOS version 7.2.5 or above Please upgrade to FortiOS version 7.0.12 or above Please upgrade to FortiOS version 6.4.13 or above Please upgrade to FortiOS version 6.2.15 or above "}],"references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-106","url":"https://fortiguard.com/psirt/FG-IR-23-106"}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T14:00:15.995Z"},"title":"CVE Program Container","references":[{"name":"https://fortiguard.com/psirt/FG-IR-23-106","url":"https://fortiguard.com/psirt/FG-IR-23-106","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2023-29183","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2023-11-15T16:35:37.397795Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-16T18:23:26.796Z"}}]}}