CVE-2025-32932

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.0%

top 89.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisoar

Timeline

PublishedAug 12

Description

An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:NExploitability: 1.3 | Impact: 4.7

Affected Packages2 packages

▶NVDfortinet/fortisoar6.4.0 — 7.5.2+1

▶CVEListV5fortinet/fortisoar7.6.0 — 7.6.1+7

🔴Vulnerability Details

GHSA

GHSA-6939-w5q9-2hhc: An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7↗2025-08-12

▶

CVEList

CVE-2025-32932: An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7↗2025-08-12

▶

📋Vendor Advisories

Fortinet

An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiS...↗2025-08-12

▶