Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-22855

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.

Published

2025-04-08T14:15:32.690

Last Modified

2025-07-23T16:03:19.720

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 2.7 (LOW)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	forticlientems	≤ 7.2.10	Yes
Application	fortinet	forticlientems	< 7.4.3	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-23-344 Vendor Advisory ([email protected])