CVE-2025-22855

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.8MEDIUM

EPSS

0.2%

top 62.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Forticlientems

Timeline

PublishedApr 8

Description

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages2 packages

▶NVDfortinet/forticlientems7.4.0 — 7.4.3+1

▶CVEListV5fortinet/forticlientems7.4.0 — 7.4.1+1

🔴Vulnerability Details

CVEList

CVE-2025-22855: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7↗2025-04-08

▶

GHSA

GHSA-962v-6x3f-5mw4: An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7↗2025-04-08

▶

📋Vendor Advisories

Fortinet

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortin...↗2025-04-08

▶