PT-2025-50115 · Fortinet · Fortisandbox
Published
2025-12-09
·
Updated
2025-12-16
·
CVE-2025-54353
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Fortinet FortiSandbox versions 4.0 all versions
Fortinet FortiSandbox versions 4.2 all versions
Fortinet FortiSandbox versions 4.4.0 through 4.4.7
Fortinet FortiSandbox versions 5.0.0 through 5.0.2
Description
An Improper Neutralization of Input During Web Page Generation issue exists in Fortinet FortiSandbox. This issue may allow an attacker to perform a Cross-Site Scripting (XSS) attack via specially crafted HTTP requests.
Recommendations
Fortinet FortiSandbox versions prior to 4.0 should be updated.
Fortinet FortiSandbox versions prior to 4.2 should be updated.
Fortinet FortiSandbox versions prior to 4.4.0 or later than 4.4.7 should be updated.
Fortinet FortiSandbox versions prior to 5.0.0 or later than 5.0.2 should be updated.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fortisandbox