CVE-2024-27781

Name of the Vulnerable Software and Affected Versions: Fortinet FortiSandbox versions 3.0.0 through 3.0.7 Fortinet FortiSandbox versions 3.1.0 through 3.1.5 Fortinet FortiSandbox versions 3.2.0 through 3.2.4 Fortinet FortiSandbox versions 4.0.0 through 4.0.4 Fortinet FortiSandbox versions 4.2.0 through 4.2.6 Fortinet FortiSandbox versions 4.4.0 through 4.4.4

Description: The issue is related to an improper neutralization of input during web page generation, also known as 'cross-site scripting', which allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests. This can enable a remote attacker to perform cross-site scripting attacks by sending specially formed HTTP requests.

Recommendations: For Fortinet FortiSandbox versions 3.0.0 through 3.0.7, update to a version that includes a fix for this issue. For Fortinet FortiSandbox versions 3.1.0 through 3.1.5, update to a version that includes a fix for this issue. For Fortinet FortiSandbox versions 3.2.0 through 3.2.4, update to a version that includes a fix for this issue. For Fortinet FortiSandbox versions 4.0.0 through 4.0.4, update to a version that includes a fix for this issue. For Fortinet FortiSandbox versions 4.2.0 through 4.2.6, update to a version that includes a fix for this issue. For Fortinet FortiSandbox versions 4.4.0 through 4.4.4, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the web interface of FortiSandbox to minimize the risk of exploitation.