{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T11:23:52.470","vulnerabilities":[{"cve":{"id":"CVE-2025-32932","sourceIdentifier":"psirt@fortinet.com","published":"2025-08-12T19:15:29.260","lastModified":"2025-08-15T12:25:28.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests"},{"lang":"es","value":"Una vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('cross-site scripting') [CWE-79] en FortiSOAR versión 7.6.1 y anteriores, versión 7.5.1 y anteriores, 7.4 todas las versiones, 7.3 todas las versiones, 7.2 todas las versiones, 7.0 todas las versiones, 6.4 todas las versiones La interfaz web puede permitir que un atacante remoto autenticado realice un ataque XSS a través de solicitudes de servicio maliciosas almacenadas"}],"metrics":{"cvssMetricV31":[{"source":"psirt@fortinet.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@fortinet.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"7.5.2","matchCriteriaId":"40FFA8A7-EE33-48A9-AE52-40E8087ADF95"},{"vulnerable":true,"criteria":"cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*","versionStartIncluding":"7.6.0","versionEndExcluding":"7.6.2","matchCriteriaId":"199DD7C5-D5B3-4B53-9BF0-DE974A092508"}]}]}],"references":[{"url":"https://fortiguard.fortinet.com/psirt/FG-IR-24-513","source":"psirt@fortinet.com","tags":["Vendor Advisory"]}]}}]}