CVE-2024-27780

Published Feb 11, 2025

Last updated 17 days ago

Overview

Description: Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.
Source: psirt@fortinet.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 2.2
Impact score: 1.4
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Severity: LOW

Weaknesses

psirt@fortinet.com: CWE-79

Hype score: Not currently trending

CVE-2024-27780 Multiple Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilities [CWE-79] in FortiSIEM 7.1 all versions, 7.0 all version… https://t.co/esgUTFDcZY
@CVEnew
11 Feb 2025
119 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References