An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-23-088 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
22 Aug 2024, 14:33
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
First Time |
Fortinet fortisoar
Fortinet |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.0 |
CPE | cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:* |
|
References | () https://fortiguard.com/psirt/FG-IR-23-088 - Vendor Advisory |
13 Aug 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-13 16:15
Updated : 2024-08-22 14:33
NVD link : CVE-2023-26211
Mitre link : CVE-2023-26211
CVE.ORG link : CVE-2023-26211
JSON object : View
Products Affected
fortinet
- fortisoar
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')