Arbitrary Web Script or HTML Injection in FortiSOAR 7.3.0-7.3.2

CVE-2023-26211

9CRITICAL

Key Information

Vendor
Fortinet
Status
Fortisoar
Vendor
CVE Published:
13 August 2024

Summary

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.

Affected Version(s)

FortiSOAR <= 7.3.2

FortiSOAR <= 7.2.2

FortiSOAR <= 7.0.3

Refferences

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.