CVE-2025-22855 Information

Description

An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.

Reference

https://fortiguard.fortinet.com/psirt/FG-IR-23-344