{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-04T09:25:44.160","vulnerabilities":[{"cve":{"id":"CVE-2024-35280","sourceIdentifier":"psirt@fortinet.com","published":"2025-01-15T11:15:09.087","lastModified":"2026-02-04T14:16:07.430","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions, FortiDeceptor 3.3 all versions, FortiDeceptor 3.2 all versions, FortiDeceptor 3.1 all versions, FortiDeceptor 3.0 all versions may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints"},{"lang":"es","value":" Una neutralización incorrecta de la entrada durante la generación de páginas web (\"cross-site scripting\") en Fortinet FortiDeceptor 3.x todas las versiones, 4.x todas las versiones, 5.0 todas las versiones, 5.1 todas las versiones, versión 5.2.0 y versión 5.3.0 puede permitir que un atacante realice un ataque de cross-site scripting reflejado en los endpoints de recuperación."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"5.2.1","matchCriteriaId":"F75A3F8D-C36D-4F91-ACC3-00AF611950DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"A85A82BF-DCB3-4E8B-A2A3-6F23F11FFB00"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-010","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}