Reflected Cross Site Scripting (XSS) in error page
Monitor · 4.1 · FG-IR-26-077 · Mar 10, 2026
Fortinet
IT in OT - Fortinet products are commonly deployed at IT/OT network boundaries
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
A reflected cross-site scripting (XSS) vulnerability in FortiSIEM's error page allows an attacker to inject malicious code via unvalidated URL parameters. An attacker can craft a malicious link that, when clicked by a user, executes JavaScript in the context of the FortiSIEM web interface.
What this means
What could happen
An attacker could trick a FortiSIEM administrator into clicking a malicious link that steals session cookies or credentials, potentially allowing unauthorized access to your security monitoring system and the ability to view or manipulate log data and alerts.
Who's at risk
This affects Fortinet FortiSIEM administrators and security operations staff who use the web interface for log analysis, alerting, and incident investigation. Organizations using FortiSIEM as a central security information and event management (SIEM) platform should treat theft of web-session cookies and credentials through this interface as a risk to the SIEM itself.
How it could be exploited
The attacker sends a phishing email or message containing a crafted FortiSIEM URL with JavaScript code embedded in a URL parameter. When a FortiSIEM user clicks the link, the error page reflects the malicious code back to the browser without validation, executing the attacker's script in the user's session.
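To make the defect class concrete from the defender's side, the following added example (not FortiSIEM code, and not taken from the Fortinet advisory) contrasts an error page that reflects a query parameter verbatim with the same page after HTML-escaping the value. The parameter name `msg`, the host `siem.example.invalid`, and the page layout are assumptions; the sample URL is constructed.

```python
"""Reflected XSS in an error page: the unsafe pattern beside the fixed one.

Added illustration, not FortiSIEM's code. The query parameter name ``msg``
and the host name are assumptions made for this example.
"""
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a link whose error-message parameter carries markup.
SAMPLE_URL = (
    "https://siem.example.invalid/error"
    "?msg=%3Cscript%3Ealert(1)%3C/script%3E"
)


def error_param(url: str, name: str = "msg") -> str:
    """Return the (assumed) error-message query parameter, URL-decoded."""
    query = parse_qs(urlsplit(url).query)
    return query.get(name, [""])[0]


def render_error_vulnerable(message: str) -> str:
    """Reflect the parameter into the HTML body without encoding.

    This is the defect class the advisory describes: whatever the URL
    carried is handed to the browser as markup.
    """
    return f"<html><body><h1>Error</h1><p>{message}</p></body></html>"


def render_error_hardened(message: str) -> str:
    """Same page, with the value encoded for an HTML text context.

    quote=True also encodes quotes, so the helper stays safe if the value is
    later reused inside an attribute.
    """
    safe = html.escape(message, quote=True)
    return f"<html><body><h1>Error</h1><p>{safe}</p></body></html>"


def hardened_response_headers() -> dict:
    """Defence-in-depth headers an error page should send alongside escaping.

    The policy values are illustrative, not FortiSIEM's configuration.
    """
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": "default-src 'self'",
        "X-Content-Type-Options": "nosniff",
    }


def reflects_markup(page: str, value: str) -> bool:
    """True if a value containing angle brackets reached the page unencoded."""
    return ("<" in value or ">" in value) and value in page


if __name__ == "__main__":
    value = error_param(SAMPLE_URL)
    print("vulnerable reflects markup:",
          reflects_markup(render_error_vulnerable(value), value))
    print("hardened reflects markup:",
          reflects_markup(render_error_hardened(value), value))
```

Escaping at the output point is the fix; the CSP header limits what an injected script could do if some other reflection were missed, and it also gives the browser something to report when a violation occurs.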
Prerequisites
- User must click on a malicious link
- User must be logged into FortiSIEM or accessing it from a network where FortiSIEM is reachable
- No special network access or credentials needed to craft the malicious URL
Tags: remotely exploitable · low complexity · requires user interaction (click) · affects monitoring/logging visibility
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (2)
2 with fix
Product    | Affected Versions | Fix Status
FortiSIEM  | 7.4.0             | 7.4.1+
FortiSIEM  | 7.3.0 - 7.3.4     | 7.3.5+
Remediation & Mitigation
Do now
FortiSIEM
HARDENING: Educate FortiSIEM users and administrators not to click on links to FortiSIEM from untrusted sources or emails, and to verify that URLs match your actual FortiSIEM domain.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
FortiSIEM
HOTFIX: Update FortiSIEM 7.4.0 to version 7.4.1 or later
HOTFIX: Update FortiSIEM 7.3.0–7.3.4 to version 7.3.5 or later
CVEs (1)
API: /api/v1/advisories/fb031768-fa3f-48b6-ace8-8c1bddc58c63