Cross-Site Scripting Vulnerability in Fortinet FortiSandbox Products
CVE-2023-41836
3.4LOW
Summary
An improper neutralization of input during web page generation in multiple versions of Fortinet's FortiSandbox could allow an attacker to execute unauthorized commands through meticulously crafted HTTP requests. This vulnerability highlights the importance of secure input handling in web applications, making it critical for users to update their FortiSandbox installations to versions that address this issue.
Affected Version(s)
FortiSandbox 4.4.0
FortiSandbox 4.2.0 <= 4.2.4
FortiSandbox 4.0.0 <= 4.0.4
References
CVSS V3.1
Score:
3.4
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved