Fortinet FortiSIEM
cpe:2.3:a:fortinet:fortisiem:*:*:*:*:*:*:*
- 7.4.0
- 7.3.0
- 7.3.1
- 7.3.2
- 7.3.3
- 7.3.4
- 7.2.0
- 7.2.1
- 7.2.2
- 7.2.3
- 7.2.4
- 7.2.5
- 7.2.6
- ~7.1
- ~7.0
- ~6.7
- ~6.6
- ~6.5
- ~6.4
A cross-site scripting (XSS) vulnerability has been identified in Fortinet FortiSIEM versions 7.4.0, 7.3.0 through 7.3.4, 7.2.0 through 7.2.6, and all versions of FortiSIEM 7.1, 7.0, 6.7, 6.6, 6.5, and 6.4. This vulnerability allows a privileged administrator to execute unauthorized commands by sending crafted requests that exploit improper handling of script-related HTML tags.
Exploitation of this vulnerability could lead to unauthorized code execution or command execution on the affected system.
Users can upgrade to FortiSIEM 7.4.1 or above, FortiSIEM 7.3.5 or above, and FortiSIEM 7.2.7 or above. For FortiSIEM 7.1, 7.0, 6.7, 6.6, 6.5, and 6.4, users should migrate to a fixed release.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.