CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25972

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide arbitrary data enabling a social engineering attack via spoofed URL parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.7%

CVSS Severity

CVSS v3 Score 4.3

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-077

Products affected by CVE-2026-25972

Fortinet » Fortisiem » Version: 7.3.0

cpe:2.3:a:fortinet:fortisiem:7.3.0
Fortinet » Fortisiem » Version: 7.3.1

cpe:2.3:a:fortinet:fortisiem:7.3.1
Fortinet » Fortisiem » Version: 7.3.2

cpe:2.3:a:fortinet:fortisiem:7.3.2
Fortinet » Fortisiem » Version: 7.3.3

cpe:2.3:a:fortinet:fortisiem:7.3.3
Fortinet » Fortisiem » Version: 7.3.4

cpe:2.3:a:fortinet:fortisiem:7.3.4
Fortinet » Fortisiem » Version: 7.4.0

cpe:2.3:a:fortinet:fortisiem:7.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25972

Products

Pricing

Contact Us