Cross-Site Scripting Vulnerabilities in FortiSIEM by Fortinet
CVE-2024-27780

5.4MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortisiem
Vendor: CVE Published:; 11 February 2025

What is CVE-2024-27780?

FortiSIEM by Fortinet has been identified with multiple vulnerabilities that allow for improper neutralization of input during web page generation, commonly referred to as Cross-site Scripting (XSS). These vulnerabilities, present in FortiSIEM versions 7.1, 7.0, and 6.7, could enable authenticated attackers to execute arbitrary scripts in the context of a user's session via specially crafted HTTP requests. This exploitation could lead to data theft, session hijacking, and other malicious actions.

Affected Version(s)

FortiSIEM 7.1.0 <= 7.1.7

FortiSIEM 7.0.0 <= 7.0.3

FortiSIEM 6.7.0 <= 6.7.9

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-324

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Feb 26, 2024