PT-2026-24249 · Fortinet · FortiSIEM

Published: 2026-03-10 · Updated: 2026-03-17 · CVE-2026-25972

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Fortinet FortiSIEM versions 7.3.0 through 7.3.4
Fortinet FortiSIEM version 7.4.0

Description

The software contains a flaw related to improper neutralization of input during web page generation, which can lead to cross-site scripting. A remote, unauthenticated attacker may be able to provide arbitrary data, potentially enabling a social engineering attack through manipulated URL parameters.

Recommendations

Fortinet FortiSIEM versions 7.3.0 through 7.3.4 should be updated.
Fortinet FortiSIEM version 7.4.0 should be updated.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-03217
CVE-2026-25972

Affected Products

FortiSIEM