CVE-2024-35280

CVE Database · CVE-2024-35280

CVE-2024-35280

· MEDIUMModified

CVSS v3.1

5.4

EPSS

0.28%

Published

Jan 15, 2025

Modified

Feb 4, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions, FortiDeceptor 3.3 all versions, FortiDeceptor 3.2 all versions, FortiDeceptor 3.1 all versions, FortiDeceptor 3.0 all versions may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (2)

fortinet · fortideceptor (up to 5.2.1)vulnerable

fortinet · fortideceptorvulnerable

References (1)

https://fortiguard.fortinet.com/psirt/FG-IR-24-010

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs