An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.
References
Link | Resource |
---|---|
https://fortiguard.com/psirt/FG-IR-23-194 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fortinet
Published: 2023-10-10T16:50:16.269Z
Updated: 2023-10-10T16:50:16.269Z
Reserved: 2023-06-25T18:03:39.226Z
Link: CVE-2023-36637
JSON object: View
NVD Information
Status : Modified
Published: 2023-10-10T17:15:12.200
Modified: 2023-11-07T04:16:39.597
Link: CVE-2023-36637
JSON object: View
Redhat Information
No data.
CWE