An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail may allow an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.
|Upgrade to 7.4.0 or above
|7.2.0 through 7.2.2 |Upgrade to 7.2.3 or above
|7.0.1 through 7.0.5 |Upgrade to 7.0.6 or above
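To check a fleet against the ranges above, the following added example (not part of Fortinet's advisory) triages reported FortiMail version strings and returns the listed fix. The function names, the inventory layout and the sample hostnames are assumptions; versions outside the two ranges shown on this page are reported as "not-listed" rather than as safe.

```python
import re

# Affected ranges and fixes exactly as listed in the advisory table above.
# The row "Upgrade to 7.4.0 or above" has no affected range on this page,
# so it is deliberately not encoded here.
AFFECTED = [
    ((7, 2, 0), (7, 2, 2), "7.2.3"),
    ((7, 0, 1), (7, 0, 5), "7.0.6"),
]

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v7.2.1-build380'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def triage(version_text):
    """Return ('affected', fix) or ('not-listed', None) for one version string."""
    # Integer tuples compare numerically, so 7.0.10 is not mistaken for < 7.0.5
    # the way a plain string comparison would.
    version = parse_version(version_text)
    for low, high, fix in AFFECTED:
        if low <= version <= high:
            return ("affected", fix)
    return ("not-listed", None)


def triage_inventory(inventory):
    """Map hostname -> triage result; unparsable versions need manual review."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = triage(version_text)
        except ValueError:
            report[host] = ("unparsable", None)
    return report


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and version strings are made up.
    sample = {"mail-gw-1": "v7.2.1-build380", "mail-gw-2": "7.0.10", "mail-gw-3": "n/a"}
    for host, (status, fix) in triage_inventory(sample).items():
        print(host, status, f"upgrade to {fix} or above" if fix else "")
```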
Internally discovered and reported by Hritik Sateesh from Fortinet's Burnaby InfoSec team.
2023-09-29: Initial publication