Vulnerabilities > Fortinet > Fortisoar > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-06 | CVE-2022-38379 | Cross-site Scripting vulnerability in Fortinet Fortisoar 7.0.0/7.0.1/7.2.0 Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR. | 5.4 |
| 2022-11-02 | CVE-2022-42473 | Missing Authentication for Critical Function vulnerability in Fortinet Fortisoar A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password. | 5.5 |