CVE-2023-26211
published 2024-08-13CVE-2023-26211: An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated…
critical9CVSS 3.1
AVNACLPRLUIRSCCHIHAH
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortisoar | — | — |
| fortinet | fortisoar | — | — |
| fortinet | fortisoar | >= 6.4.0 < 7.3.3 | 7.3.3 |
| fortinet | fortisoar | 6.4.0 – 6.4.1 | — |
| fortinet | fortisoar | 6.4.3 – 6.4.4 | — |
| fortinet | fortisoar | 7.0.0 – 7.0.3 | — |
| fortinet | fortisoar | 7.2.0 – 7.2.2 | — |
| fortinet | fortisoar | 7.3.0 – 7.3.2 | — |