CVE-2023-26211 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-26211 PUBLISHED CVSS 6.800000190734863 MEDIUM

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.

EPSS 2.03% · 83.7th percentile

Risk Scores

CVSS v3.1

6.800000190734863

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

EPSS Score

2.03%

83.7th percentile

Affected Products

Vendor	Product	Versions
Fortinet	FortiAnalyzer	7.0.0, 7.2.0, 7.4.0
Fortinet	FortiManager	7.0.0, 7.2.0, 7.4.0
fortinet	fortisoar	6.4.0, 7.4.0, 6.4.0
Fortinet	FortiSOAR	7.3.0, 6.4.0, 6.4.3

Timeline

Aug 13, 2024 CVE Published
Aug 13, 2024 CVE Updated
Aug 13, 2024 PoC Published
Aug 14, 2024 EPSS Score
Sep 3, 2024 EPSS Score
Sep 23, 2024 EPSS Score
Oct 14, 2024 EPSS Score
Nov 23, 2024 EPSS Score
Dec 14, 2024 EPSS Score
Jan 4, 2025 EPSS Score
Jan 24, 2025 EPSS Score
Feb 13, 2025 EPSS Score

References

https://fortiguard.com/psirt/FG-IR-23-088 url
https://nvd.nist.gov/vuln/detail/CVE-2023-26211 advisory
https://www.fortiguard.com/psirt/FG-IR-23-088 advisory
https://www.fortiguard.com/psirt/FG-IR-22-445 advisory
https://www.fortiguard.com/psirt/FG-IR-23-467 advisory
https://www.fortiguard.com/psirt/FG-IR-24-255 advisory
https://www.fortiguard.com/psirt/FG-IR-22-047 advisory
https://www.fortiguard.com/psirt/FG-IR-24-012 advisory
https://fortiguard.fortinet.com/psirt/FG-IR-23-467 url

Open in Interactive Console →