{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T23:16:59.688","vulnerabilities":[{"cve":{"id":"CVE-2024-26006","sourceIdentifier":"psirt@fortinet.com","published":"2025-03-14T10:15:14.520","lastModified":"2025-07-24T20:00:45.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server."},{"lang":"es","value":"Una vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web [CWE-79] en la interfaz de usuario web SSL VPN de FortiOS versión 7.4.3 y anteriores, versión 7.2.7 y anteriores, versión 7.0.13 y anteriores y FortiProxy versión 7.4.3 y anteriores, versión 7.2.9 y anteriores, versión 7.0.16 y anteriores puede permitir que un atacante remoto no autenticado realice un ataque de cross-site scripting a través de un servidor samba malicioso."}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.0.14","matchCriteriaId":"E0BDC9CB-0462-456C-8AD3-C27DE15EFE22"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.8","matchCriteriaId":"A6D2A14F-3916-45A0-AD4D-27C60E00AEC0"},{"vulnerable":true,"criteria":"cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"1FDDB5F3-D229-4208-9110-8860A03C8B59"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.17","matchCriteriaId":"C98BE382-7A23-4231-9D1B-5D7946848F99"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.2.0","versionEndExcluding":"7.2.10","matchCriteriaId":"EDFFA2C3-0A23-4884-B751-785BE598DFF3"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.4","matchCriteriaId":"3F2C29AD-A11F-4A5F-8BB0-8600D5F77E72"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-23-485","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}