CVE-2022-26114
published 2022-09-06CVE-2022-26114: An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
An improper neutralization of input during web page generation vulnerability [CWE-79] in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortimail | < 7.2.0 | 7.2.0 |
| fortinet | fortimail | — | — |
| fortinet | fortinet_fortimail | — | — |