CVE-2023-41836

🗓️ 13 Oct 2023 14:51:22Reported by fortinetType

Improper neutralization of input in Fortinet FortiSandbox (CVE-2023-41836

Reporter	Title	Published	Views	Family All 11
ATTACKERKB	CVE-2023-41836	13 Oct 202315:15	–	attackerkb
BDU FSTEC	The vulnerability of the FortiSandbox system’s threat detection and mitigation mechanism arises from the lack of measures taken to protect the website structure. This allows attackers to execute arbitrary code.	14 Oct 202300:00	–	bdu_fstec
Circl	CVE-2023-41836	13 Oct 202318:29	–	circl
CNNVD	Fortinet FortiSandbox Cross-Site Scripting Vulnerability	13 Oct 202300:00	–	cnnvd
Cvelist	CVE-2023-41836	13 Oct 202314:51	–	cvelist
EUVD	EUVD-2023-46327	3 Oct 202520:07	–	euvd
NVD	CVE-2023-41836	13 Oct 202315:15	–	nvd
OSV	CVE-2023-41836	13 Oct 202315:15	–	osv
Prion	Cross site scripting	13 Oct 202315:15	–	prion
RedhatCVE	CVE-2023-41836	23 May 202504:18	–	redhatcve

NVD

Node

fortinet fortisandboxRange3.0.4–3.0.7

fortinet fortisandboxRange3.1.0–3.1.5

fortinet fortisandboxRange3.2.0–3.2.4

fortinet fortisandboxRange4.0.0–4.0.4

fortinet fortisandboxRange4.2.0–4.2.4

fortinet fortisandboxMatch4.4.0

[
  {
    "vendor": "Fortinet",
    "product": "FortiSandbox",
    "cpes": [
      "cpe:2.3:a:fortinet:fortisandbox:4.4.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:4.2.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:4.2.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:4.2.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:4.2.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:4.0.6:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:4.0.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:4.0.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:4.0.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.2.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.2.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.2.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.2.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.2.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.1.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.1.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.1.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.1.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.1.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.1.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.0.7:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.0.6:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.0.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:fortinet:fortisandbox:3.0.4:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "versions": [
      {
        "version": "4.4.0",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "4.2.1",
        "lessThanOrEqual": "4.2.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "4.0.0",
        "lessThanOrEqual": "4.0.6",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.2.0",
        "lessThanOrEqual": "3.2.4",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.1.0",
        "lessThanOrEqual": "3.1.5",
        "status": "affected"
      },
      {
        "versionType": "semver",
        "version": "3.0.4",
        "lessThanOrEqual": "3.0.7",
        "status": "affected"
      }
    ]
  }
]

Source	Link
fortiguard	www.fortiguard.com/psirt/FG-IR-23-215

17 Jun 2026 06:22Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.13.5 - 6.1

EPSS0.00411

SSVC

CWE-79