CVE-2023-36555 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Fortinet Fortios

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-79 — Cross-site Scripting5 documents5 sources

Severity

5.4MEDIUMNVD

CNA3.9

EPSS

0.1%

top 68.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios

Timeline

PublishedOct 10

Latest updateMar 14

Description

An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5fortinet/fortios7.2.0 — 7.2.4

▶NVDfortinet/fortios7.2.0 — 7.2.4

🔴Vulnerability Details

CVEList

CVE-2023-36555: An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7↗2023-10-10

▶

GHSA

GHSA-58hq-j29m-mmq2: An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7↗2023-10-10

▶

📋Vendor Advisories

CISA ICS

Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices↗2024-03-14

▶

Fortinet

HTML injection in SAML and Security Fabric components↗2023-10-10

▶