Cross-Site Scripting in Fortinet FortiSandbox
CVE-2023-41681

7.3HIGH

Key Information:

Vendor: Fortinet
Status: Fortisandbox
Vendor: CVE Published:; 13 October 2023

Summary

An improper neutralization of input during web page generation in Fortinet FortiSandbox allows attackers to execute unauthorized code or commands by sending specially crafted HTTP requests. This cross-site scripting vulnerability affects multiple versions of the product, posing significant risks to users' web applications and data integrity. Regular updates and proper input validation practices are essential to mitigate such vulnerabilities.

Affected Version(s)

FortiSandbox 4.4.0 <= 4.4.1

FortiSandbox 4.2.0 <= 4.2.5

FortiSandbox 4.0.0 <= 4.0.3

References

https://fortiguard.com/psirt/FG-IR-23-311

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 13, 2023
Vulnerability Reserved
Aug 30, 2023

Collectors

NVD DatabaseMitre Database