CNNVD-202510-1959 Information

CNNVD ID

CNNVD-202510-1959

CVE-2025-58324

  • CNNVD Published: 2025-10-14

Description (Chinese)

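Fortinet FortiSIEM is a security information and event management system from the US company Fortinet. The system includes asset discovery, workflow automation and unified management features. Fortinet FortiSIEM contains a cross-site scripting vulnerability that stems from improper neutralization of input during web page generation and may lead to stored cross-site scripting attacks. The following versions are affected: 7.2.0 through 7.2.2, and all versions of 7.1, 7.0, 6.7, 6.6, 6.5, 6.4, 6.3 and 6.2.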

Description (English)

Fortinet FortiSIEM is a security information and event management system from Fortinet. The system includes features such as asset discovery, workflow automation and unified management. Fortinet FortiSIEM has a cross-site scripting vulnerability, which arises from improper neutralization of input during web page generation and may lead to a stored cross-site scripting attack. The following versions are affected: 7.2.0 to 7.2.2, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions and 6.2 all versions.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

Fortinet

Published

2025-10-14

Last Modified

2026-02-24

References

  • https://fortiguard.fortinet.com/psirt/FG-IR-24-280
  • https://access.redhat.com/security/cve/cve-2025-58324

Patch

https://fortiguard.fortinet.com/psirt/FG-IR-24-280
