CVE-2022-23438: 
FortiOS vulnerability analysis and mitigation

A Cross-site Scripting (XSS) vulnerability identified as CVE-2022-23438 affects FortiOS versions 7.0.5 and prior, as well as 6.4.9 and prior. This vulnerability was disclosed on July 18, 2022, and allows an unauthenticated remote attacker to perform a reflected cross-site scripting attack specifically in the captive portal authentication replacement page (NVD).

The vulnerability is classified as an improper neutralization of input during web page generation (CWE-79). It has been assigned a CVSS v3.1 Base Score of 6.1 (Medium) by NIST and 4.7 (Medium) by Fortinet. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, no privileges required, and user interaction required (NVD).

The successful exploitation of this vulnerability can lead to disclosure of sensitive information and potential manipulation of web content through reflected XSS attacks. The impact is considered moderate with low confidentiality and integrity impacts, while there is no impact on system availability (NVD).

Users should upgrade to versions newer than FortiOS 7.0.5 or 6.4.9 to address this vulnerability. Fortinet has released patches to fix the issue (NVD).