CVE-2023-26211 — Vulnetix

CVE-2023-26211 PUBLISHED CVSS 6.800000190734863 MEDIUM

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.

EPSS 2.03% · 84.2th percentile

Risk Scores

CVSS 3.1

6.800000190734863

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

EPSS Score

2.03%

84.2th percentile

Affected Products

Vendor	Product	Versions
Fortinet	FortiAnalyzer	7.2.0, 7.0.0, 7.4.0
Fortinet	FortiManager	7.2.0, 7.0.0, 7.4.0
fortinet	fortisoar	7.4.0, 7.4.0, 6.4.0
Fortinet	FortiSOAR	7.3.0, 7.0.0, 7.2.0

Exploit Intelligence

CIRCL seen: CVE-2024-21757 (circl-sighting)
https://fortiguard.fortinet.com/psirt/FG-IR-23-467 (circl)
https://fortiguard.com/psirt/FG-IR-23-088 (circl)

Timeline

Aug 13, 2024 CVE Published
Aug 13, 2024 CVE Updated
Aug 13, 2024 PoC Published
Aug 14, 2024 EPSS Score
Sep 4, 2024 EPSS Score
Sep 25, 2024 EPSS Score
Oct 15, 2024 EPSS Score
Nov 26, 2024 EPSS Score
Dec 18, 2024 EPSS Score
Jan 8, 2025 EPSS Score
Jan 29, 2025 EPSS Score
Feb 18, 2025 EPSS Score

References

https://fortiguard.com/psirt/FG-IR-23-088 url
https://nvd.nist.gov/vuln/detail/CVE-2023-26211 advisory
https://www.fortiguard.com/psirt/FG-IR-23-088 advisory
https://www.fortiguard.com/psirt/FG-IR-22-445 advisory
https://www.fortiguard.com/psirt/FG-IR-23-467 advisory
https://www.fortiguard.com/psirt/FG-IR-24-255 advisory
https://www.fortiguard.com/psirt/FG-IR-22-047 advisory
https://www.fortiguard.com/psirt/FG-IR-24-012 advisory
https://fortiguard.fortinet.com/psirt/FG-IR-23-467 url

Open in Interactive Console →