The vulnerability is an improper neutralization of input during web page generation that permits an attacker to inject arbitrary script content into a FortiSIEM web page. This cross‑site scripting flaw can be triggered by manipulating URL parameters and is accessed remotely, so an unauthenticated attacker can embed malicious code that runs in the context of any user who visits the forged link. As a result, attackers may compromise user confidentiality, alter data or hijack sessions, and launch phishing or other social engineering campaigns without needing initial access.

The flaw affects Fortinet FortiSIEM versions 7.4.0 and 7.3.0 through 7.3.4. These product releases expose the vulnerable web interface to external traffic, making them susceptible to exploitation.

With a CVSS score of 4.1 and an EPSS probability of less than 1 percent, the technical severity is moderate but the exploitability is low due to the requirement of reachability to the web UI and lack of authentication. The vulnerability is not listed in the KEV catalog, suggesting no widespread active exploitation yet. Nonetheless, because the flaw enables classic cross‑site scripting, attackers can leverage social engineering to deliver malicious scripts to users who click forged links.