Vulnerability Details CVE-2025-32932
An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.2%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2025-32932
-
cpe:2.3:a:fortinet:fortisoar:6.4.0
-
cpe:2.3:a:fortinet:fortisoar:6.4.1
-
cpe:2.3:a:fortinet:fortisoar:6.4.3
-
cpe:2.3:a:fortinet:fortisoar:6.4.4
-
cpe:2.3:a:fortinet:fortisoar:7.0.0
-
cpe:2.3:a:fortinet:fortisoar:7.0.1
-
cpe:2.3:a:fortinet:fortisoar:7.0.2
-
cpe:2.3:a:fortinet:fortisoar:7.0.3
-
cpe:2.3:a:fortinet:fortisoar:7.2.0
-
cpe:2.3:a:fortinet:fortisoar:7.2.1
-
cpe:2.3:a:fortinet:fortisoar:7.2.2
-
cpe:2.3:a:fortinet:fortisoar:7.3.0
-
cpe:2.3:a:fortinet:fortisoar:7.3.1
-
cpe:2.3:a:fortinet:fortisoar:7.3.2
-
cpe:2.3:a:fortinet:fortisoar:7.3.3
-
cpe:2.3:a:fortinet:fortisoar:7.4.0
-
cpe:2.3:a:fortinet:fortisoar:7.4.1
-
cpe:2.3:a:fortinet:fortisoar:7.4.2
-
cpe:2.3:a:fortinet:fortisoar:7.4.3
-
cpe:2.3:a:fortinet:fortisoar:7.4.4
-
cpe:2.3:a:fortinet:fortisoar:7.4.5
-
cpe:2.3:a:fortinet:fortisoar:7.5.0
-
cpe:2.3:a:fortinet:fortisoar:7.5.1
-
cpe:2.3:a:fortinet:fortisoar:7.6.0
-
cpe:2.3:a:fortinet:fortisoar:7.6.1