Cross site scripting

2023-10-1315:15:00

PRIOn knowledge base

www.prio-n.com

fortinet fortisandbox

cross site scripting

code execution

unauthorized access

http requests

security vulnerability

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.1%

JSON

A improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.

CPENameOperatorVersion
fortisandboxge3.1.0
fortisandboxle3.1.5
fortisandboxge3.2.0
fortisandboxle3.2.4
fortisandboxge3.0.0
fortisandboxle3.0.7
fortisandboxge4.2.0
fortisandboxle4.2.5
fortisandboxge4.0.0
fortisandboxle4.0.3

Name	Operator	Version
fortisandbox	ge	3.1.0
fortisandbox	le	3.1.5
fortisandbox	ge	3.2.0
fortisandbox	le	3.2.4
fortisandbox	ge	3.0.0
fortisandbox	le	3.0.7
fortisandbox	ge	4.2.0
fortisandbox	le	4.2.5
fortisandbox	ge	4.0.0
fortisandbox	le	4.0.3

Rows per page:

1-10 of 151

References

fortiguard.com/psirt/FG-IR-23-311