An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-23-063 | Vendor Advisory |
https://fortiguard.com/psirt/FG-IR-23-063 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:50
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.8 |
References | () https://fortiguard.com/psirt/FG-IR-23-063 - Vendor Advisory |
01 Mar 2024, 23:12
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fortinet
Fortinet fortinac |
|
CPE | cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | () https://fortiguard.com/psirt/FG-IR-23-063 - Vendor Advisory |
15 Feb 2024, 14:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-15 14:15
Updated : 2024-11-21 07:50
NVD link : CVE-2023-26206
Mitre link : CVE-2023-26206
CVE.ORG link : CVE-2023-26206
JSON object : View
Products Affected
fortinet
- fortinac
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')