CVE-2025-58324

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
4.8MEDIUM
EPSS
0.1%
top 81.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Fortinet Fortisiem
Timeline
PublishedOct 14

Description

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages2 packages

NVDfortinet/fortisiem6.2.07.2.3
CVEListV5fortinet/fortisiem7.2.07.2.2+8

🔴Vulnerability Details

2
GHSA
GHSA-vjwm-vh33-rm7v: An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 72025-10-14
CVEList
CVE-2025-58324: An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 72025-10-14

📋Vendor Advisories

1
Fortinet
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2,...2025-10-14
CVE-2025-58324 (MEDIUM CVSS 4.8) | An improper neutralization of input | cvebase.io