PSIRT Advisories

FortiSOAR - HTML Injection Vulnerabilities


Improper neutralization of input during web page generation [CWE-79] in FortiSOAR may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR.

Affected Products

FortiSOAR version 7.2.0
FortiSOAR version 7.0.0 through 7.0.3


Please upgrade to FortiSOAR version 7.2.1 or above