Description
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.
Published: 2023-10-10
Score: 3.4 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

Vendor Solution

Please upgrade to FortiMail version 7.4.0 or above Please upgrade to FortiMail version 7.2.3 or above Please upgrade to FortiMail version 7.0.6 or above

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-40581 An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.
References
Link Providers
https://fortiguard.com/psirt/FG-IR-23-194 cve-icon cve-icon
History

Wed, 18 Sep 2024 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Fortinet Fortimail
cve-icon MITRE

Status: PUBLISHED

Assigner: fortinet

Published:

Updated: 2024-09-18T20:28:26.875Z

Reserved: 2023-06-25T18:03:39.226Z

Link: CVE-2023-36637

cve-icon Vulnrichment

Updated: 2024-08-02T16:52:54.245Z

cve-icon NVD

Status : Modified

Published: 2023-10-10T17:15:12.200

Modified: 2024-11-21T08:10:08.700

Link: CVE-2023-36637

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses