CVE-2025-58324: An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7…

medium4.8CVSS 3.1

AVNACLPRHUIRSCCLILAN

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests.

Affected

11 ranges

Vendor	Product	Version range	Fixed in
fortinet	fortisiem	—	—
fortinet	fortisiem	>= 6.2.0 < 7.2.3	7.2.3
fortinet	fortisiem	6.2.0 – 6.2.1	—
fortinet	fortisiem	6.3.0 – 6.3.3	—
fortinet	fortisiem	6.4.0 – 6.4.4	—
fortinet	fortisiem	6.5.0 – 6.5.3	—
fortinet	fortisiem	6.6.0 – 6.6.5	—
fortinet	fortisiem	6.7.0 – 6.7.10	—
fortinet	fortisiem	7.0.0 – 7.0.4	—
fortinet	fortisiem	7.1.0 – 7.1.9	—
fortinet	fortisiem	7.2.0 – 7.2.2	—