PT-2025-41951 · Fortinet · Fortisase+2

Published 2025-10-14 · Updated 2025-10-16 · CVE-2025-31366

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

FortiOS versions 6.4 through 7.6.3
FortiProxy versions 7.0 through 7.6.3
FortiSASE version 25.3.a

Description

An Improper Neutralization of Input During Web Page Generation issue exists in FortiOS, FortiProxy, and FortiSASE. This allows an unauthenticated attacker to perform a reflected cross-site scripting (XSS) attack via crafted HTTP requests.

Recommendations

FortiOS versions prior to 7.6.3
FortiProxy versions prior to 7.6.3
FortiSASE version 25.3.a

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-14858
CVE-2025-31366

Affected Products

FortiOS
FortiProxy
FortiSASE