CVE-2025-58412: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Fortinet FortiADC

Severity: 6.1 MEDIUM (NVD), 4.7 (CNA)
EPSS: 0.1% (top 81.66%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 19

Description

An improper neutralization of script-related HTML tags in a web page (basic XSS) vulnerability in Fortinet FortiADC 8.0.0, FortiADC 7.6.0 through 7.6.3, FortiADC 7.4 all versions, FortiADC 7.2 all versions may allow an attacker to execute unauthorized code or commands via a crafted URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

NVD | fortinet/fortiadc | 7.2.0 | 7.6.4 | +1
CVEListV5 | fortinet/fortiadc | 7.6.0 | 7.6.3 | +3

🔴 Vulnerability Details (2)

GHSA
GHSA-g9vf-m9qr-pwpw: An improper neutralization of script-related HTML tags in a web page (basic XSS) vulnerability in Fortinet FortiADC 8 (2025-11-19)
CVEList
CVE-2025-58412: An improper neutralization of script-related HTML tags in a web page (basic XSS) vulnerability in Fortinet FortiADC 8 (2025-11-19)

📋 Vendor Advisories (1)

Fortinet
An improper neutralization of script-related HTML tags in a web page (basic XSS) vulnerability in Fortinet FortiADC 8.0.0... (2025-11-19)