CVE-2023-29183 Information

Description

An improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4 7.0.0 through 7.0.11 6.4.0 through 6.4.12 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.

Reference

https://fortiguard.com/psirt/FG-IR-23-106