CVE-2023-26211

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.
References
Link Resource
https://fortiguard.com/psirt/FG-IR-23-088 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*

History

22 Aug 2024, 14:33

Type Values Removed Values Added
Summary
  • (es) Una neutralización inadecuada de la entrada durante la generación de páginas web ("cross-site scripting") en Fortinet FortiSOAR 7.3.0 a 7.3.2 permite a un atacante remoto autenticado inyectar scripts web o HTML arbitrarios a través del módulo de Comunicaciones.
CVSS v2 : unknown
v3 : 6.8
v2 : unknown
v3 : 9.0
CPE cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*
cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*
First Time Fortinet fortisoar
Fortinet
References () https://fortiguard.com/psirt/FG-IR-23-088 - () https://fortiguard.com/psirt/FG-IR-23-088 - Vendor Advisory

13 Aug 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 16:15

Updated : 2024-08-22 14:33


NVD link : CVE-2023-26211

Mitre link : CVE-2023-26211

CVE.ORG link : CVE-2023-26211


JSON object : View

Products Affected

fortinet

  • fortisoar
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')