An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross-Site Scripting (XSS) attack by injecting malicious JavaScript code into the description field of a Device Maintenance schedule.
[
  {
    "product": "Fortinet FortiSIEM",
    "vendor": "Fortinet",
    "versions": [
      {
        "status": "affected",
        "version": "FortiSIEM version 5.2.5 and below"
      }
    ]
  }
]