CVE-2022-26114

Name of the Vulnerable Software and Affected Versions FortiMail versions prior to 7.2.0

Description The issue is related to an improper neutralization of input during web page generation, which may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages.

Recommendations For versions prior to 7.2.0, update to version 7.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Webmail feature to minimize the risk of exploitation. Avoid using the Webmail feature until the issue is resolved.