CVE-2025-22855

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClient versions prior to 7.4.1

Description: The issue is related to an improper neutralization of input during web page generation, also known as Cross-site Scripting. This may allow the EMS administrator to send messages containing javascript code.

Recommendations: For versions prior to 7.4.1, update to version 7.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the ability of the EMS administrator to send messages containing javascript code until a patch is applied.