CVE-2024-26006
HIGH
FortiOS 6.4.0-7.4.3 and FortiProxy 7.0.0-7.4.3 - Unauthenticated Cross-Site Scripting via Malicious Samba Server
Title source: llm
Description
An improper neutralization of input during web page generation vulnerability [CWE-79] in the web SSL VPN UI of FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious Samba server.
References (1)
Core References
Vendor Advisory
https://fortiguard.fortinet.com/psirt/FG-IR-23-485
Scores
CVSS v3
7.5
EPSS
0.0042
EPSS Percentile
61.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (2)
fortinet/fortios
6.4.0 - 7.0.14
fortinet/fortiproxy
7.0.0 - 7.0.17
Published
Mar 14, 2025
Tracked Since
Feb 18, 2026