Primary

Context

Fortinet FortiSOAR Cross-Site Scripting Vulnerability

Vulnerability

Patched

A cross-site scripting (XSS) vulnerability has been identified in Fortinet FortiSOAR versions 7.6.1 and below, 7.5.1 and below, as well as all versions of 7.4, 7.3, 7.2, 7.0, and 6.4. This vulnerability allows authenticated remote attackers to execute XSS attacks by injecting malicious service requests that are stored and later executed.

Impact

Exploitation of this vulnerability allows for cross-site scripting attacks, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Remediation

Users can upgrade to FortiSOAR 7.6.2 or above, FortiSOAR 7.5.2 or above. For FortiSOAR versions 7.4, 7.3, 7.2, 7.0, and 6.4, users should migrate to a fixed release.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

1.7

exploitability

4.6

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

1.7

exploitability

4.6

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fortinet FortiSOAR Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Fortinet FortiSOAR

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating