Improper Neutralization of HTML Tags in Fortinet FortiSIEM Product Line
CVE-2026-59838
5.3MEDIUM
What is CVE-2026-59838?
A cross-site scripting vulnerability exists in multiple versions of Fortinet's FortiSIEM products due to improper neutralization of HTML tags in web pages. This flaw enables an attacker to inject malicious scripts, which could lead to unauthorized execution of code or commands when users interact with the affected web application. Attackers leveraging this vulnerability could gain access to sensitive information or perform actions on behalf of users, posing significant risks to security.
Affected Version(s)
FortiSIEM 7.4.0
FortiSIEM 7.3.0 <= 7.3.4
FortiSIEM 7.2.0 <= 7.2.6