CVE-2024-26006 MEDIUM

CVE-2024-26006

Vendor Fortinet
Product FortiProxy
Weakness CWE-79 · XSS
Published March 14, 2025
Last update February 26, 2026
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:X/RC:X

What the vulnerability does

01Description

An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server.

Key dates

02Disclosure timeline

March 14, 2025 CVE published
February 26, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-44049 WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Authenticated Cross Site Scripting (XSS) vulnerability CVE-2025-8834 JCG Link-net LW-N915R Wireless Basic Settings basic.asp cross site scripting CVE-2024-37960 WordPress CodePen Embedded Pens Shortcode plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability CVE-2024-41753 IBM Cloud Pak for Business Automation cross-site scripting CVE-2026-27069 WordPress Soledad theme <= 8.7.2 - Cross Site Scripting (XSS) vulnerability