Cross site scripting

2023-12-1307:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

fortinet

fortisandbox

unauthorized code execution

http requests

capture traffic endpoint

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.3%

JSON

A improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint.

CPENameOperatorVersion
fortisandboxge3.1.0
fortisandboxle3.1.5
fortisandboxge3.2.0
fortisandboxle3.2.4
fortisandboxge3.0.0
fortisandboxle3.0.7
fortisandboxeq4.4.0
fortisandboxge4.2.0
fortisandboxle4.2.5
fortisandboxeq4.4.1

Name	Operator	Version
fortisandbox	ge	3.1.0
fortisandbox	le	3.1.5
fortisandbox	ge	3.2.0
fortisandbox	le	3.2.4
fortisandbox	ge	3.0.0
fortisandbox	le	3.0.7
fortisandbox	eq	4.4.0
fortisandbox	ge	4.2.0
fortisandbox	le	4.2.5
fortisandbox	eq	4.4.1

Rows per page:

1-10 of 131

References

fortiguard.com/psirt/FG-IR-23-214