Arbitrary Web Script or HTML Injection in FortiSOAR 7.3.0-7.3.2
CVE-2023-26211

9CRITICAL

Key Information:

Vendor

Fortinet
Status
Fortisoar
Vendor
CVE Published:
13 August 2024

What is CVE-2023-26211?

An improper neutralization of input during web page generation in Fortinet FortiSOAR versions 7.3.0 to 7.3.2 enables an authenticated remote attacker to exploit the Communications module. This vulnerability permits the injection of arbitrary web script or HTML, potentially compromising the security of web interactions and leading to unauthorized access to sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FortiSOAR 7.3.0 <= 7.3.2

FortiSOAR 7.2.0 <= 7.2.2

FortiSOAR 7.0.0 <= 7.0.3

References

https://fortiguard.com/psirt/FG-IR-23-088

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.