CVE-2022-29057: 
FortiEDR vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was identified in Fortinet FortiEDR versions 5.1.0, 5.0.0 through 5.0.3 Patch 6, and 4.0.0. The vulnerability allows a remote authenticated attacker to perform a reflected cross-site scripting attack by injecting malicious payload into the Management Console via various endpoints (Fortinet Advisory, NVD).

The vulnerability is classified as an improper neutralization of input during web page generation (CWE-79). It has been assigned a CVSS v3.1 score of 5.1, indicating medium severity. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C) with low confidentiality and integrity impact (C:L/I:L) and no availability impact (A:N) (NVD).

If successfully exploited, this vulnerability could allow an authenticated attacker to execute unauthorized code or commands through cross-site scripting attacks, potentially compromising the confidentiality and integrity of the affected system (Fortinet Advisory).

Users are advised to upgrade to a version that addresses this vulnerability. The issue has been fixed in subsequent releases after the affected versions (5.1.0, 5.0.0 through 5.0.3 Patch 6, and 4.0.0) (Fortinet Advisory).