Cross site scripting

2023-12-1307:15:00

PRIOn knowledge base

www.prio-n.com

cross-site scripting

fortinet fortisandbox

unauthorized code execution

crafted http requests

security vulnerability

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.3%

JSON

An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via crafted HTTP requests

CPENameOperatorVersion
fortisandboxge3.1.0
fortisandboxle3.1.5
fortisandboxge3.2.0
fortisandboxle3.2.4
fortisandboxeq4.4.0
fortisandboxge4.2.0
fortisandboxle4.2.5
fortisandboxeq4.4.1
fortisandboxge4.0.0
fortisandboxle4.0.4

Name	Operator	Version
fortisandbox	ge	3.1.0
fortisandbox	le	3.1.5
fortisandbox	ge	3.2.0
fortisandbox	le	3.2.4
fortisandbox	eq	4.4.0
fortisandbox	ge	4.2.0
fortisandbox	le	4.2.5
fortisandbox	eq	4.4.1
fortisandbox	ge	4.0.0
fortisandbox	le	4.0.4

Rows per page:

1-10 of 111

References

fortiguard.com/psirt/FG-IR-23-360