CVE-2022-38379

3.4LOW

Key Information:

Vendor: Fortinet
Status: Fortisoar
Vendor: CVE Published:; 6 December 2022

Summary

Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.

Affected Version(s)

FortiSOAR 7.2.0

FortiSOAR 7.0.0 <= 7.0.3

References

https://fortiguard.com/psirt/FG-IR-22-220

CVSS V3.1

Score:

3.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2022
Vulnerability Reserved
Aug 16, 2022