CVE-2023-26211

Name of the Vulnerable Software and Affected Versions: Fortinet FortiSOAR versions 7.3.0 through 7.3.2

Description: The issue is related to the improper neutralization of input during web page generation, which can lead to cross-site scripting attacks. This allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module. The vulnerability can be exploited by a remote attacker, potentially leading to security incidents.

Recommendations: For Fortinet FortiSOAR versions 7.3.0 through 7.3.2, update to a version that includes the fix for this issue to prevent cross-site scripting attacks. As a temporary workaround, consider restricting access to the Communications module to minimize the risk of exploitation.