Fortisiem
CVE-2026-25972
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters.
AnalysisAI
FortiSIEM 7.3.0-7.3.4 and 7.4.0 are vulnerable to reflected cross-site scripting that allows unauthenticated remote attackers to inject malicious scripts through URL parameters, enabling social engineering attacks against users who click malicious links. The vulnerability requires user interaction to trigger but has no authentication requirements, making it practical for phishing campaigns that redirect victims to spoofed pages.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects the spoofed URL component of Fortisiem. An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in
Fortinet FortiSIEM (6.7.0 through 7.4.0) has OS command injection via crafted TCP requests. As a SIEM, compromise gives
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet
A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 a
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM versi
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet a
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versi
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to pe
A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute p
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may
A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today