cvedb.io
CVE-2022-29057
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2022-07-19T14:15:08.550 · Last modified 2026-06-17T04:39:31.237

Summary

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints.

Affected products

fortinet — fortiedr

Does this affect you?

Add your gear to cvedb and we'll alert you only when fortinet ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.