2 matches found
CVE-2026-25972
Fortinet FortiSIEM versions 7.3.0–7.3.4 and 7.4.0 have an improper neutralization of input during web page generation that enables cross-site scripting. An unauthenticated remote attacker can supply arbitrary data via spoofed URL parameters to perform a social engineering attack via the UI. CVSSv...
CVE-2026-25972
An improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters...