HTML Injection Vulnerabilities
Summary
Improper neutralization of input during web page generation [CWE-79] in FortiSOAR may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.
Version | Affected | Solution |
---|---|---|
FortiSOAR 7.2 | 7.2.0 | Upgrade to 7.2.1 or above |
FortiSOAR 7.0 | 7.0 all versions | Migrate to a fixed release |