CVE-2023-36555 LOW

Vendor Fortinet
Product FortiOS
Weakness CWE-80 · XSS · basic
Published October 10, 2023
Last update September 18, 2024

CVSS base score

3.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L/E:U/RL:X/RC:X

What the vulnerability does

01 Description

An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.

Key dates

02 Disclosure timeline

October 10, 2023 CVE published
September 18, 2024 Record updated