exploitDog

GHSA-xwrg-6m45-8r48

Опубликовано: 09 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an attacker to perform an XSS attack via crafted HTTP requests.

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an attacker to perform an XSS attack via crafted HTTP requests.

Ссылки

EPSS

Процентиль: 21%

0.00069

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-54353

CVSS3: 5.4

nvd

около 2 месяцев назад

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an attacker to perform an XSS attack via crafted HTTP requests.

BDU:2026-00831

CVSS3: 5.4

fstec

около 2 месяцев назад

Уязвимость графического пользовательского интерфейса системы выявления и устранения угроз FortiSandbox, позволяющая нарушителю проводить межсайтовые сценарные атаки

EPSS

Процентиль: 21%

0.00069

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79