Cross-Site Scripting Vulnerabilities in FortiSIEM by Fortinet
CVE-2024-27780

2.2LOW

Key Information:

Vendor
Fortinet
Status
Fortisiem
Vendor
CVE Published:
11 February 2025

Summary

FortiSIEM by Fortinet has been identified with multiple vulnerabilities that allow for improper neutralization of input during web page generation, commonly referred to as Cross-site Scripting (XSS). These vulnerabilities, present in FortiSIEM versions 7.1, 7.0, and 6.7, could enable authenticated attackers to execute arbitrary scripts in the context of a user's session via specially crafted HTTP requests. This exploitation could lead to data theft, session hijacking, and other malicious actions.

Affected Version(s)

FortiSIEM 7.1.0 <= 7.1.7

FortiSIEM 7.0.0 <= 7.0.3

FortiSIEM 6.7.0 <= 6.7.9

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-324

CVSS V3.1

Score:
2.2
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.