Lucene search
FortinetCVE-2023-26211HistoryAug 13, 2024 - 4:15 p.m.
CVE-2023-26211
2024-08-1316:15:08
CWE-79
fortinet
web.nvd.nist.gov
38
cve-2023-26211
cross-site scripting
fortinet fortisoar
communications module
CVSS3
9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
20.0%
An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module.
Affected configurations
Node
fortinetfortisoarRange6.4.0–7.3.3
ORfortinetfortisoarMatch7.4.0
CNA Affected
[
{
"vendor": "Fortinet",
"product": "FortiSOAR",
"defaultStatus": "unaffected",
"versions": [
{
"versionType": "semver",
"version": "7.3.0",
"lessThanOrEqual": "7.3.2",
"status": "affected"
},
{
"versionType": "semver",
"version": "7.2.0",
"lessThanOrEqual": "7.2.2",
"status": "affected"
},
{
"versionType": "semver",
"version": "7.0.0",
"lessThanOrEqual": "7.0.3",
"status": "affected"
},
{
"versionType": "semver",
"version": "6.4.3",
"lessThanOrEqual": "6.4.4",
"status": "affected"
},
{
"versionType": "semver",
"version": "6.4.0",
"lessThanOrEqual": "6.4.1",
"status": "affected"
}
]
}
]References
Related
nvd
nvd
CVE-2023-26211
2024-08-13 16:15:08
vulnrichment
vulnrichment
CVE-2023-26211
2024-08-13 15:51:56
cvelist
cvelist
CVE-2023-26211
2024-08-13 15:51:56
CVSS3
9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
EPSS
0.001
Percentile
20.0%
Related for CVE-2023-26211