{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-35280", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "state": "PUBLISHED", "assignerShortName": "fortinet", "dateReserved": "2024-05-14T21:15:19.190Z", "datePublished": "2025-01-15T10:07:14.953Z", "dateUpdated": "2026-02-04T13:28:04.867Z"}, "containers": {"cna": {"affected": [{"vendor": "Fortinet", "product": "FortiDeceptor", "cpes": ["cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.0.0:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "5.3.0", "status": "affected"}, {"version": "5.2.0", "status": "affected"}, {"version": "5.1.0", "status": "affected"}, {"version": "5.0.0", "status": "affected"}, {"version": "4.3.0", "status": "affected"}, {"version": "4.2.0", "status": "affected"}, {"versionType": "semver", "version": "4.1.0", "lessThanOrEqual": "4.1.1", "status": "affected"}, {"versionType": "semver", "version": "4.0.0", "lessThanOrEqual": "4.0.2", "status": "affected"}, {"versionType": "semver", "version": "3.3.0", "lessThanOrEqual": "3.3.3", "status": "affected"}, {"versionType": "semver", "version": "3.2.0", "lessThanOrEqual": "3.2.2", "status": "affected"}, {"versionType": "semver", "version": "3.1.0", "lessThanOrEqual": "3.1.1", "status": "affected"}, {"versionType": "semver", "version": "3.0.0", "lessThanOrEqual": "3.0.2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions, FortiDeceptor 3.3 all versions, FortiDeceptor 3.2 all versions, FortiDeceptor 3.1 all versions, FortiDeceptor 3.0 all versions may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints"}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-02-04T13:28:04.867Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "Execute unauthorized code or commands", "type": "CWE"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C"}}], "solutions": [{"lang": "en", "value": "Upgrade to FortiDeceptor version 6.0.0 or above\nUpgrade to FortiDeceptor version 5.3.1 or above\nUpgrade to FortiDeceptor version 5.2.1 or above"}], "references": [{"name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-010", "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-010"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-15T14:44:56.156689Z", "id": "CVE-2024-35280", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-15T14:45:11.764Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-35280", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-15T14:44:56.156689Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-15T14:45:08.148Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:5.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:5.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:5.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:fortinet:fortideceptor:3.0.0:*:*:*:*:*:*:*"], "vendor": "Fortinet", "product": "FortiDeceptor", "versions": [{"status": "affected", "version": "5.3.0"}, {"status": "affected", "version": "5.2.0"}, {"status": "affected", "version": "5.1.0"}, {"status": "affected", "version": "5.0.0"}, {"status": "affected", "version": "4.3.0"}, {"status": "affected", "version": "4.2.0"}, {"status": "affected", "version": "4.1.0", "versionType": "semver", "lessThanOrEqual": "4.1.1"}, {"status": "affected", "version": "4.0.0", "versionType": "semver", "lessThanOrEqual": "4.0.2"}, {"status": "affected", "version": "3.3.0", "versionType": "semver", "lessThanOrEqual": "3.3.3"}, {"status": "affected", "version": "3.2.0", "versionType": "semver", "lessThanOrEqual": "3.2.2"}, {"status": "affected", "version": "3.1.0", "versionType": "semver", "lessThanOrEqual": "3.1.1"}, {"status": "affected", "version": "3.0.0", "versionType": "semver", "lessThanOrEqual": "3.0.2"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to FortiDeceptor version 6.0.0 or above\nUpgrade to FortiDeceptor version 5.3.1 or above\nUpgrade to FortiDeceptor version 5.2.1 or above"}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-010", "name": "https://fortiguard.fortinet.com/psirt/FG-IR-24-010"}], "descriptions": [{"lang": "en", "value": "A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions, FortiDeceptor 3.3 all versions, FortiDeceptor 3.2 all versions, FortiDeceptor 3.1 all versions, FortiDeceptor 3.0 all versions may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "Execute unauthorized code or commands"}]}], "providerMetadata": {"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "shortName": "fortinet", "dateUpdated": "2026-02-04T13:28:04.867Z"}}}, "cveMetadata": {"cveId": "CVE-2024-35280", "state": "PUBLISHED", "dateUpdated": "2026-02-04T13:28:04.867Z", "dateReserved": "2024-05-14T21:15:19.190Z", "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8", "datePublished": "2025-01-15T10:07:14.953Z", "assignerShortName": "fortinet"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fortinet:fortideceptor:*:*:*:*:*:*:*:*", "matchCriteriaId": "F75A3F8D-C36D-4F91-ACC3-00AF611950DE", "versionEndExcluding": "5.2.1", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:fortinet:fortideceptor:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A85A82BF-DCB3-4E8B-A2A3-6F23F11FFB00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor 5.0 all versions, FortiDeceptor 4.3 all versions, FortiDeceptor 4.2 all versions, FortiDeceptor 4.1 all versions, FortiDeceptor 4.0 all versions, FortiDeceptor 3.3 all versions, FortiDeceptor 3.2 all versions, FortiDeceptor 3.1 all versions, FortiDeceptor 3.0 all versions may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints"}, {"lang": "es", "value": " Una neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (\"cross-site scripting\") en Fortinet FortiDeceptor 3.x todas las versiones, 4.x todas las versiones, 5.0 todas las versiones, 5.1 todas las versiones, versi\u00f3n 5.2.0 y versi\u00f3n 5.3.0 puede permitir que un atacante realice un ataque de cross-site scripting reflejado en los endpoints de recuperaci\u00f3n."}], "id": "CVE-2024-35280", "lastModified": "2026-02-04T14:16:07.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "psirt@fortinet.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-15T11:15:09.087", "references": [{"source": "psirt@fortinet.com", "tags": ["Vendor Advisory"], "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-010"}], "sourceIdentifier": "psirt@fortinet.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "psirt@fortinet.com", "type": "Secondary"}]}

{}

{}