CVE-2025-22855 LOW

CVE-2025-22855

Vendor Fortinet
Product FortiClientEMS
Weakness CWE-79 · XSS
Published April 8, 2025
Last update April 8, 2025
View on NVD All CVEs

CVSS base score

2.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C

What the vulnerability does

01Description

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.

Key dates

02Disclosure timeline

April 8, 2025 CVE published
April 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-51662 WordPress Black Widgets For Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability CVE-2025-62941 WordPress Events Maker by dFactory plugin <= 1.6.14 - Cross Site Scripting (XSS) vulnerability CVE-2024-1450 Shariff Wrapper <= 4.6.10 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-33982 Cross-Site Scripting (XSS) vulnerability in Janobe products CVE-2022-22109 DayByDay CRM - Stored Cross-Site Scripting (XSS) in Task Title