CVE-2026-25972 Fortinet — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	4.3 (MEDIUM)
Type	CWE-79 (Cross-Site Scripting (XSS) (Межсайтовый скриптинг))
Vendor	Fortinet
Public PoC	No

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Privileges Required

None

Права не нужны

User Interaction

Required

Нужно действие пользователя

Impact Assessment

Confidentiality

None

Нет утечки данных

Integrity

Low

Частичная модификация данных

Availability

None

Нет нарушения работы

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS) (Межсайтовый скриптинг)

References 1

https://fortiguard.fortinet.com/psirt/FG-IR-26-077

psirt@fortinet.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-30897

Fortinet

6.6

CVE-2026-25836

Fortinet

7.2

CVE-2026-25689

Fortinet

6.5

CVE-2026-24641

Fortinet

2.7

CVE-2026-24640

Fortinet

6.6

Menu

CVE-2026-25972

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-30897

CVE-2026-25836

CVE-2026-25689

CVE-2026-24641

CVE-2026-24640

CVE Details

Editor's Choice

Menu

CVE-2026-25972

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-30897

CVE-2026-25836

CVE-2026-25689

CVE-2026-24641

CVE-2026-24640

CVE Details

Editor's Choice

Stay informed on cybersecurity