CVE Database · CVE-2025-58324
CVSS v3.1
6.4
EPSS
0.25%
Published
Oct 14, 2025
Modified
Oct 14, 2025
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSIEM 7.2.0 through 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP requests.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:HWeaknesses (CWE)
Affected Products (1)
References (1)