An improper neutralization of special elements used in a template engine vulnerability [CWE-1336] in FortiSOAR management interface may allow a remote and authenticated attacker to execute arbitrary code via a crafted payload.
|7.3.0 through 7.3.1
|Upgrade to 7.3.2 or above
AcknowledgementInternally discovered and reported by Boumediene Kaddour from System and Sales Team
2023-04-04: Initial publication
2023-04-12: Update Solutions and Acknowledgement