CVE-2023-36637

Name of the Vulnerable Software and Affected Versions FortiMail versions 7.0.0 through 7.0.4 FortiMail versions 7.2.0 through 7.2.2

Description The issue is related to the improper neutralization of input during web page generation, which can be exploited by a remote attacker to execute arbitrary code. An authenticated attacker can inject HTML tags in FortiMail's calendar via input fields.

Recommendations For FortiMail versions 7.0.0 through 7.0.4, update to version 7.0.5 or later. For FortiMail versions 7.2.0 through 7.2.2, update to a version later than 7.2.2. As a temporary workaround, consider restricting access to the calendar feature in FortiMail to minimize the risk of exploitation.