Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
PR:H confirmed by requirement for existing admin session; S:C reflects script executing in victim browser outside app context; C/I/A:L appropriate for session-level XSS impact.
Primary rating from Vendor (fortinet).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionNVD
A improper neutralization of script-related html tags in a web page (basic xss) vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.2.0 through 7.2.6, FortiSIEM 7.1 all versions, FortiSIEM 7.0 all versions, FortiSIEM 6.7 all versions, FortiSIEM 6.6 all versions, FortiSIEM 6.5 all versions, FortiSIEM 6.4 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
AnalysisAI
Stored or reflected cross-site scripting in Fortinet FortiSIEM's web interface enables a high-privileged authenticated attacker to inject malicious script tags that execute in the browsers of other users who view the affected page. The vulnerability spans a wide version range from FortiSIEM 6.4 through 7.4.0, affecting all deployments of this enterprise SIEM platform. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to hold a high-privilege authenticated session within the FortiSIEM web interface (PR:H per CVSS vector), meaning they must already possess valid admin-level credentials or have compromised such an account. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 5.9 Medium score reflects the tension between a network-accessible attack vector with low complexity (AV:N/AC:L) and the mitigating constraints of high privilege required and mandatory user interaction (PR:H/UI:R). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained or compromised a high-privileged FortiSIEM administrator account navigates to an input field in the web UI - such as a report name, custom rule description, or notification template - and injects a malicious JavaScript payload using raw script tags. When a security analyst or peer administrator subsequently views the affected page, the payload executes silently in their browser, exfiltrating their FortiSIEM session token to an attacker-controlled server and granting the attacker a second authenticated session without needing to know the victim's credentials. |
| Remediation | Consult the Fortinet PSIRT advisory at https://fortiguard.fortinet.com/psirt/FG-IR-26-149 for the authoritative patch version; no specific fixed release version was present in the available input data, so an exact upgrade target cannot be cited here. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in
Fortinet FortiSIEM (6.7.0 through 7.4.0) has OS command injection via crafted TCP requests. As a SIEM, compromise gives
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet
A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 a
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM versi
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet a
A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versi
A improper authentication vulnerability in Fortinet FortiSIEM before 6.5.0 allows a local attacker with CLI access to pe
A improper privilege management in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows attacker to execute p
An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may
A unprotected storage of credentials in Fortinet FortiSIEM Windows Agent version 4.1.4 and below allows an authenticated
Same weakness CWE-80 – Basic XSS
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44668
GHSA-qgv9-w22c-fhgv