{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T03:56:32.962","vulnerabilities":[{"cve":{"id":"CVE-2022-29057","sourceIdentifier":"psirt@fortinet.com","published":"2022-07-19T14:15:08.550","lastModified":"2024-11-21T06:58:25.400","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross-site scripting (XSS) attack by injecting a malicious payload into the Management Console via various endpoints."},{"lang":"es","value":"Una neutralización inapropiada de la entrada durante la generación de la página web (\"cross-site scripting\") en Fortinet FortiEDR versiones 5.1.0, 5.0.0 hasta 5.0.3 Patch 6 y 4.0.0, permite a un atacante remoto autenticado llevar a cabo un ataque de tipo cross site scripting (XSS) reflejado al inyectar una carga maliciosa en la Consola de Administración por medio de varios 
endpoints."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiedr:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.0.3","matchCriteriaId":"15226E02-68C0-4CEA-AD89-9CE94E8796C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiedr:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"41956307-6575-410D-8F95-C9F0EB3540E6"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiedr:5.0.3:-:*:*:*:*:*:*","matchCriteriaId":"B1506107-C7C9-41DE-A87B-B495B1C1AA8F"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiedr:5.0.3:patch1:*:*:*:*:*:*","matchCriteriaId":"39DB2727-A437-4B1B-A3BD-08D9B2C54BBA"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiedr:5.0.3:patch2:*:*:*:*:*:*","matchCriteriaId":"54297892-E6AB-421A-A551-00B81D39ED4A"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiedr:5.0.3:patch3:*:*:*:*:*:*","matchCriteriaId":"E6CCADD3-A014-4ED9-B5AF-1A5BB899B60B"},{"vulnerable":true,"cr
iteria":"cpe:2.3:a:fortinet:fortiedr:5.0.3:patch4:*:*:*:*:*:*","matchCriteriaId":"98FBCFBB-B257-40D0-9352-8E65D00B50CB"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiedr:5.0.3:patch5:*:*:*:*:*:*","matchCriteriaId":"4DCF8441-D562-44AA-BA1F-C1198FE6B6A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiedr:5.0.3:patch6:*:*:*:*:*:*","matchCriteriaId":"A9D78F92-48AE-4AF6-8A18-B3E7068B93E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiedr:5.1.0:-:*:*:*:*:*:*","matchCriteriaId":"CBA4EEE3-7B74-402D-944E-83F43A9B3353"}]}]}],"references":[{"url":"https://fortiguard.com/psirt/FG-IR-22-077","source":"psirt@fortinet.com","tags":["Vendor Advisory"]},{"url":"https://fortiguard.com/psirt/FG-IR-22-077","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}