CVE-2026-13375
MEDIUMCVSS v4.0: 4.8
Source data as of:
At a glance
- Severity
- MEDIUM
- CVSS
- 4.8 v4.0 · NVD
- EPSS
- EPSS not provided by FIRST.org for this CVE
- CISA KEV
- No
- Type
- XSS · NVD CWE
- Attack conditions (CVSS vector)
- Network · Source: NVD Vector
- Published
- 2026-07-03 · Modified: 2026-07-03
- References
- Jump to references (1)
CVSS / EPSS / KEV
Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources
Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS (Autotask Technology Integration module) allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-13938. This issue affects Fireware OS 12.4 up to and including 12.12, 12.5 up to and including 12.5.18, and 2025.1 up to and including 2026.2.
References
Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.
- Vendor advisory https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2026-00017