What is the severity of CVE-2023-36637?

The severity of CVE-2023-36637 is medium with a CVSS score of 5.4.

How does CVE-2023-36637 affect FortiMail?

CVE-2023-36637 affects FortiMail versions 7.2.0 through 7.2.2 and before 7.0.5.

What is the CWE category for CVE-2023-36637?

CVE-2023-36637 belongs to the CWE-79 category.

How can an attacker exploit CVE-2023-36637?

An authenticated attacker can exploit CVE-2023-36637 by injecting HTML tags in FortiMail's calendar via input fields.

Is there a patch or fix available for CVE-2023-36637?

A fix for CVE-2023-36637 is available in FortiMail version 7.0.5 and later.

Vulnerability/
CVE-2023-36637

medium

5.4

CWE

10/10/2023

18/9/2024

CVE-2023-36637: XSS

First published: Tue Oct 10 2023(Updated: )

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields.

Credit: psirt@fortinet.com psirt@fortinet.com

Affected Software	Affected Version	How to fix
Fortinet FortiMail	>=7.0.1<=7.0.5
Fortinet FortiMail	=7.2.0
Fortinet FortiMail	=7.2.1
Fortinet FortiMail	=7.2.2

Remedy

Please upgrade to FortiMail version 7.4.0 or above Please upgrade to FortiMail version 7.2.3 or above Please upgrade to FortiMail version 7.0.6 or above

Never miss a vulnerability like this again

Reference Links

https://fortiguard.com/psirt/FG-IR-23-194

Frequently Asked Questions

What is the severity of CVE-2023-36637?
The severity of CVE-2023-36637 is medium with a CVSS score of 5.4.
How does CVE-2023-36637 affect FortiMail?
CVE-2023-36637 affects FortiMail versions 7.2.0 through 7.2.2 and before 7.0.5.
What is the CWE category for CVE-2023-36637?
CVE-2023-36637 belongs to the CWE-79 category.
How can an attacker exploit CVE-2023-36637?
An authenticated attacker can exploit CVE-2023-36637 by injecting HTML tags in FortiMail's calendar via input fields.
Is there a patch or fix available for CVE-2023-36637?
A fix for CVE-2023-36637 is available in FortiMail version 7.0.5 and later.

collector/nvd-api
collector/nvd-index
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/last-modified-date
agent/references
agent/remedy
agent/tags
agent/description
agent/event
agent/first-publish-date
vendor/fortinet
canonical/fortinet fortimail
version/fortinet fortimail/7.0.1
version/fortinet fortimail/7.0.5
version/fortinet fortimail/7.2.0
version/fortinet fortimail/7.2.1
version/fortinet fortimail/7.2.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.