CVE-2025-22855

Low CVSS 2.7

Overview

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.

CWE: CWE-79 Published: 2025-04-08T14:15:32.690

Risk analysis

This vulnerability is rated 🟢 LOW.

CVSS: 2.7 (LOW)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags