Home
HIGH: 7.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:CDefault status
unaffected
5.0.0 (semver)
affected
4.4.0 (semver)
affected
4.2.1 (semver)
affected
4.0.0 (semver)
affected
Description
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests.
Problem types
Execute unauthorized code or commands
Product status
5.0.0 (semver)
4.4.0 (semver)
4.2.1 (semver)
4.0.0 (semver)
References
fortiguard.fortinet.com/psirt/FG-IR-25-093