CVE-2025-22855
published 2025-04-08CVE-2025-22855: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow…
medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | forticlient | — | — |
| fortinet | forticlientems | — | — |
| fortinet | forticlientems | 7.2.1 – 7.2.10 | — |
| fortinet | forticlientems | >= 7.4.0 < 7.4.3 | 7.4.3 |
| fortinet | forticlientems | 7.4.0 – 7.4.1 | — |
| fortinet | fortinet | — | — |