Vulnerability Details CVE-2023-36637
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.2%
CVSS Severity
CVSS v3 Score 3.5
Products affected by CVE-2023-36637
-
cpe:2.3:a:fortinet:fortimail:7.0.1
-
cpe:2.3:a:fortinet:fortimail:7.0.2
-
cpe:2.3:a:fortinet:fortimail:7.0.3
-
cpe:2.3:a:fortinet:fortimail:7.0.4
-
cpe:2.3:a:fortinet:fortimail:7.0.5
-
cpe:2.3:a:fortinet:fortimail:7.2.0
-
cpe:2.3:a:fortinet:fortimail:7.2.1
-
cpe:2.3:a:fortinet:fortimail:7.2.2