CVE-2022-41334 Information

Description

An improper neutralization of input during web page generation [CWE-79] vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote unauthenticated attacker to launch a cross site scripting (XSS) attack via the edir\ parameter of the URL seen when the \Sign in with FortiCloud\ button is clicked.

Reference

https://fortiguard.com/psirt/FG-IR-22-224