CVE-2025-32932_CVE-2025-32932

6.2 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:U/RC:C

Description

An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests

Basic Information

ID CVE-2025-32932

Source fortinet

Published Aug 12, 2025 at 19:00

Modified Aug 13, 2025 at 20:13

Affected Product

Vendor Fortinet

Product FortiSOAR

Version 7.6.0

Affected Versions Fortinet FortiSOAR 7.6.0
Fortinet FortiSOAR 7.5.0
Fortinet FortiSOAR 7.4.0
Fortinet FortiSOAR 7.3.0
Fortinet FortiSOAR 7.2.0
Fortinet FortiSOAR 7.0.0
Fortinet FortiSOAR 6.4.3
Fortinet FortiSOAR 6.4.0

CWE Classification

CWE-79

References

fortiguard.fortinet.com /psirt/FG-IR-24-513

{
    "lastseen": "",
    "description": "An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests",
    "published": "2025-08-12T19:00:01.506Z",
    "modified": "2025-08-13T20:13:36.224Z",
    "type": "cve",
    "title": "CVE-2025-32932",
    "source": "fortinet",
    "references": "https://fortiguard.fortinet.com/psirt/FG-IR-24-513",
    "id": "CVE-2025-32932",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Fortinet FortiSOAR 7.6.0\nFortinet FortiSOAR 7.5.0\nFortinet FortiSOAR 7.4.0\nFortinet FortiSOAR 7.3.0\nFortinet FortiSOAR 7.2.0\nFortinet FortiSOAR 7.0.0\nFortinet FortiSOAR 6.4.3\nFortinet FortiSOAR 6.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.2,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:U/RC:C",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FortiSOAR",
    "version": "7.6.0",
    "vendor": "Fortinet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}