Vulnerability Details CVE-2023-26211
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.4%
CVSS Severity
CVSS v3 Score 6.8
References
Products affected by CVE-2023-26211
-
cpe:2.3:a:fortinet:fortisoar:6.4.0
-
cpe:2.3:a:fortinet:fortisoar:6.4.1
-
cpe:2.3:a:fortinet:fortisoar:6.4.3
-
cpe:2.3:a:fortinet:fortisoar:6.4.4
-
cpe:2.3:a:fortinet:fortisoar:7.0.0
-
cpe:2.3:a:fortinet:fortisoar:7.0.1
-
cpe:2.3:a:fortinet:fortisoar:7.0.2
-
cpe:2.3:a:fortinet:fortisoar:7.0.3
-
cpe:2.3:a:fortinet:fortisoar:7.2.0
-
cpe:2.3:a:fortinet:fortisoar:7.2.1
-
cpe:2.3:a:fortinet:fortisoar:7.2.2
-
cpe:2.3:a:fortinet:fortisoar:7.3.0
-
cpe:2.3:a:fortinet:fortisoar:7.3.1
-
cpe:2.3:a:fortinet:fortisoar:7.3.2
-
cpe:2.3:a:fortinet:fortisoar:7.4.0