Cross-Site Scripting Vulnerabilities in FortiSIEM by Fortinet
CVE-2024-27780
2.2LOW
What is CVE-2024-27780?
FortiSIEM by Fortinet has been identified with multiple vulnerabilities that allow for improper neutralization of input during web page generation, commonly referred to as Cross-site Scripting (XSS). These vulnerabilities, present in FortiSIEM versions 7.1, 7.0, and 6.7, could enable authenticated attackers to execute arbitrary scripts in the context of a user's session via specially crafted HTTP requests. This exploitation could lead to data theft, session hijacking, and other malicious actions.
Affected Version(s)
FortiSIEM 7.1.0 <= 7.1.7
FortiSIEM 7.0.0 <= 7.0.3
FortiSIEM 6.7.0 <= 6.7.9