Cross-Site Scripting in Domain parameter
Summary
CVSSv3 Score: 5.3 An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability [CWE-80] in FortiSIEM may allow a privileged administrator to execute unauthorized commands via crafted requests. Revised on 2026-07-14 00:00:00
- FortiSIEM 7.4: 7.4.0
- FortiSIEM 7.3: 7.3.0 through 7.3.4
- FortiSIEM 7.2: 7.2.0 through 7.2.6
- FortiSIEM 7.1: 7.1 all versions
- FortiSIEM 7.0: 7.0 all versions
- FortiSIEM 6.7: 6.7 all versions
- FortiSIEM 6.6: 6.6 all versions
- FortiSIEM 6.5: 6.5 all versions
- FortiSIEM 6.4: 6.4 all versions
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- FortiSIEM 7.4: 7.4.1
- FortiSIEM 7.3: 7.3.5
- FortiSIEM 7.2: 7.2.7
- FortiSIEM 7.1: migrate to a fixed release
- FortiSIEM 7.0: migrate to a fixed release
- FortiSIEM 6.7: migrate to a fixed release
- FortiSIEM 6.6: migrate to a fixed release
- FortiSIEM 6.5: migrate to a fixed release
- FortiSIEM 6.4: migrate to a fixed release
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Upgrade per the Affected/Solution table: FortiSIEM 7.4: 7.4.1; FortiSIEM 7.3: 7.3.5; FortiSIEM 7.2: 7.2.7; FortiSIEM 7.1: migrate to a fixed release; FortiSIEM 7.0: migrate to a fixed release; ….
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.