Arbitrary Web Script or HTML Injection in FortiSOAR 7.3.0-7.3.2
CVE-2023-26211

9CRITICAL

Key Information:

Vendor
Fortinet
Status
Fortisoar
Vendor
CVE Published:
13 August 2024

Summary

An improper neutralization of input during web page generation in Fortinet FortiSOAR versions 7.3.0 to 7.3.2 enables an authenticated remote attacker to exploit the Communications module. This vulnerability permits the injection of arbitrary web script or HTML, potentially compromising the security of web interactions and leading to unauthorized access to sensitive information.

Affected Version(s)

FortiSOAR 7.3.0 <= 7.3.2

FortiSOAR 7.2.0 <= 7.2.2

FortiSOAR 7.0.0 <= 7.0.3

References

https://fortiguard.com/psirt/FG-IR-23-088

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.