Lucene search
HistoryOct 10, 2023 - 5:15 p.m.
CVE-2023-36555
improper neutralization html tags
web page
fortinet
unauthorized code
saml
security fabric
cve-2023-36555
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.7
Confidence
High
EPSS
0.001
Percentile
18.6%
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.
Affected configurations
Node
fortinetfortiosRange7.2.0–7.2.4
References
Related
cvelist
cvelist
CVE-2023-36555
2023-10-10 16:48:32
fortinet
fortinet
Protect
2023-10-10 00:00:00
cve
cve
CVE-2023-36555
2023-10-10 17:15:12
nessus
nessus
Fortinet Fortigate xss (FG-IR-23-104)
2023-10-13 00:00:00
prion
prion
Design/Logic Flaw
2023-10-10 17:15:00
vulnrichment
vulnrichment
CVE-2023-36555
2023-10-10 16:48:32
ics
ics
Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices
2024-03-14 12:00:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.7
Confidence
High
EPSS
0.001
Percentile
18.6%
Related for NVD:CVE-2023-36555