Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2023-26211

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.

  • Published: Aug 13, 2024
  • Updated: Aug 23, 2024
  • CVE: CVE-2023-26211
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9
  • AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Software From Fixed in
fortinet / fortisoar 6.4.0 7.3.3
fortinet / fortisoar 7.4.0 7.4.0.x