{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T00:28:33.773","vulnerabilities":[{"cve":{"id":"CVE-2021-36188","sourceIdentifier":"psirt@fortinet.com","published":"2021-12-08T17:15:10.877","lastModified":"2024-11-21T06:13:17.093","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted GET parameters in requests to login and error handlers"},{"lang":"es","value":"Una neutralización inapropiada de la entrada durante la generación de la página web (\"Cross-site Scripting\") en Fortinet FortiWeb versión 6.4.1 y anteriores, 6.3.15 y anteriores, permite a un atacante ejecutar código o comandos no autorizados por medio de parámetros GET diseñados en peticiones de inicio de sesión y manejadores de errores"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndIncluding":"6.2.5","matchCriteriaId":"FCB9E28C-5341-44D1-A311-9D9C6EF9CDF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.3.0","versionEndExcluding":"6.3.16","matchCriteriaId":"C0486411-DC71-4C02-8973-B91930A439A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.2","matchCriteriaId":"C97F7E3F-4747-46AA-8D2C-5D7C363CDB14"}]}]}],"references":[{"url":"https://fortiguard.com/advisory/FG-IR-21-118","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/advisory/FG-IR-21-118","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}