Fortinet FortiSIEM Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Fortinet FortiSIEM versions 7.4.0, 7.3.0 through 7.3.4, 7.2.0 through 7.2.6, and all versions of FortiSIEM 7.1, 7.0, 6.7, 6.6, 6.5, and 6.4. This vulnerability allows a privileged administrator to execute unauthorized commands by sending crafted requests that exploit improper handling of script-related HTML tags.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution or command execution on the affected system.

Remediation

Users can upgrade to FortiSIEM 7.4.1 or above, FortiSIEM 7.3.5 or above, and FortiSIEM 7.2.7 or above. For FortiSIEM 7.1, 7.0, 6.7, 6.6, 6.5, and 6.4, users should migrate to a fixed release.

Added: Jul 15, 2026, 2:23 PM
Updated: Jul 15, 2026, 2:23 PM

Vulnerability Rating

Custom Algorithm
spread
1.9
impact
5.4
exploitability
4.8
remediation
7.7
relevance
9.7
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.