PT-2019-6213 · Fortinet · Fortisandbox

Published

2019-04-03

Updated

2019-05-02

CVE-2018-1356

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions FortiSandbox versions prior to 3.0

Description A reflected Cross-Site-Scripting (XSS) issue exists due to insufficient protection of the web page structure in the file scan component. This may allow an attacker to execute unauthorized code or commands via the back url parameter.

Recommendations For versions prior to 3.0, update to version 3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the back url parameter in the file scan component to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2022-03216

CVE-2018-1356

Affected Products

Fortisandbox

PT-2019-6213 · Fortinet · Fortisandbox

CVE-2018-1356

Weakness Enumeration

Related Identifiers

Affected Products

References · 5