CVE-2023-26211

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

9.0CRITICAL

EPSS

2.0%

top 16.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisoar

Timeline

PublishedAug 13

Description

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶NVDfortinet/fortisoar6.4.0 — 7.3.3+1

▶CVEListV5fortinet/fortisoar7.3.0 — 7.3.2+4

🔴Vulnerability Details

GHSA

GHSA-4vr6-qr4v-xmvq: An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7↗2024-08-13

▶

CVEList

CVE-2023-26211: An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7↗2024-08-13

▶

📋Vendor Advisories

Fortinet

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 thro...↗2024-08-13

▶