Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-32932

An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests

Published

2025-08-12T19:15:29.260

Last Modified

2025-08-15T12:25:28.417

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	fortisoar	< 7.5.2	Yes
Application	fortinet	fortisoar	< 7.6.2	Yes

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-513 Vendor Advisory ([email protected])