{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-35280","assignerOrgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","state":"PUBLISHED","assignerShortName":"fortinet","dateReserved":"2024-05-14T21:15:19.190Z","datePublished":"2025-01-15T10:07:14.953Z","dateUpdated":"2026-02-04T13:28:04.867Z"},"containers":{"cna":{"affected":[{"vendor":"Fortinet","product":"FortiDeceptor","cpes":["cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:5.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:5.1.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:5.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:4.3.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:4.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:4.1.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:4.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:4.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:4.0.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:3.3.3:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:3.3.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:3.3.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:3.3.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:3.2.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:3.2.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:3.2.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:3.1.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:3.1.0:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:3.0.2:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:3.0.1:*:*:*:*:*:*:*","cpe:2.3:a:fortinet:fortideceptor:3.0.0:*:*:*:*:*:*:*"],"defaultStatus":"unaffected","versions":[{"version":"5.3.0","status":"affected"},{"version":"5.2.0","status":"affected"},{"version":"5.1.0","status":"affected"},{"version":"5.0.0","status":"affected"},{"version":"4.3.0","status":"affected"},{"version":"4.2.0","status":"affected"},{"versionType":"semver","version":"4.1.0","less
ThanOrEqual":"4.1.1","status":"affected"},{"versionType":"semver","version":"4.0.0","lessThanOrEqual":"4.0.2","status":"affected"},{"versionType":"semver","version":"3.3.0","lessThanOrEqual":"3.3.3","status":"affected"},{"versionType":"semver","version":"3.2.0","lessThanOrEqual":"3.2.2","status":"affected"},{"versionType":"semver","version":"3.1.0","lessThanOrEqual":"3.1.1","status":"affected"},{"versionType":"semver","version":"3.0.0","lessThanOrEqual":"3.0.2","status":"affected"}]}],"descriptions":[{"lang":"en","value":"An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions, FortiDeceptor 3.3 all versions, FortiDeceptor 3.2 all versions, FortiDeceptor 3.1 all versions, FortiDeceptor 3.0 all versions may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints."}],"providerMetadata":{"orgId":"6abe59d8-c742-4dff-8ce8-9b0ca1073da8","shortName":"fortinet","dateUpdated":"2026-02-04T13:28:04.867Z"},"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-79","description":"Execute unauthorized code or commands","type":"CWE"}]}],"metrics":[{"format":"CVSS","cvssV3_1":{"version":"3.1","attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C"}}],"solutions":[{"lang":"en","value":"Upgrade to FortiDeceptor version 6.0.0 or above\nUpgrade to FortiDeceptor version 5.3.1 or above\nUpgrade to FortiDeceptor version 5.2.1 or 
above"}],"references":[{"name":"https://fortiguard.fortinet.com/psirt/FG-IR-24-010","url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-010"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-15T14:44:56.156689Z","id":"CVE-2024-35280","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-15T14:45:11.764Z"}}]}}