Medium4.1Fortinet
FortiSIEM: improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet For…
CVE-2026-25972 Published Mar 10, 2026Updated by vendor Jun 17, 2026
CVE-2026-25972
Affected products & platforms
FortinetFortiSIEM
Summary
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters.
Affected versions
- FortiSIEM 7.4: 7.4.0
- FortiSIEM 7.3: 7.3.0 through 7.3.4
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Fixed versions
- FortiSIEM 7.4: 7.4.1
- FortiSIEM 7.3: 7.3.5
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Upgrade per the Affected/Solution table: FortiSIEM 7.4: 7.4.1; FortiSIEM 7.3: 7.3.5.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.