Fortinet FortiOS and FortiProxy Cross-Site Scripting Vulnerability in Web SSL VPN UI

Vulnerability

A Cross-Site Scripting (XSS) vulnerability has been identified in Fortinet FortiOS versions 7.4.3 and prior, 7.2.7 and prior, and 7.0.13 and prior. FortiProxy versions 7.4.3 and prior, 7.2.9 and prior, and 7.0.16 and prior are also affected. The vulnerability arises from improper neutralization of input during web page generation in the web SSL VPN UI, allowing remote unauthenticated attackers to carry out Cross-Site Scripting attacks via a malicious Samba server.

Impact

Exploitation of this vulnerability allows Cross-Site Scripting attacks, in which an attacker injects malicious scripts that are executed in the context of the user's browser.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM