Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2025-31366

4.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 3 months ago

An Improper Neutralization of Input During Web Page Generation vulnerability …

An Improper Neutralization of Input During Web Page Generation vulnerability [CWE-79] in FortiOS 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4.0 through 7.4.9, 7.2 all versions, 7.0 all versions; FortiSASE 25.3.a may allow an unauthenticated attacker to perform a reflected cross site scripting (XSS) via crafted HTTP requests.

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-542

Affected products

FortiOS

=<7.6.2
=<7.2.12
=<7.0.17
=<7.4.7
=<7.0.18
=<6.4.16

FortiSASE

==25.2.a

FortiProxy

=<7.4.8
=<7.2.15
=<7.0.21
=<7.6.3
=<7.0.22

Matching in nixpkgs

pkgs.terraform-providers.fortios

None

nixos-unstable 1.22.1
- nixpkgs-unstable 1.22.1
- nixos-unstable-small 1.22.1
nixos-25.11 1.23.0
- nixpkgs-25.11-darwin 1.23.0

pkgs.python312Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

pkgs.python313Packages.fortiosapi

Python module to work with Fortigate/Fortios devices

nixos-unstable 1.0.5
- nixpkgs-unstable 1.0.5
- nixos-unstable-small 1.0.5
nixos-25.11 1.0.5
- nixpkgs-25.11-darwin 1.0.5

Package maintainers

@fabaff Fabian Affolter <mail@fabian-affolter.ch>