CVE-2025-22855
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortin
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code.
LOW · CVSS 2.7
EPSS 0.00115
Monitor
- No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence
Sigma rules0
YARA rules0