CVE-2021-24014 — Cross-site Scripting in Fortinet Fortisandbox

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

CNA5.4

EPSS

0.4%

top 36.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortisandbox Fortinet Fortisandbox

Timeline

PublishedAug 4

Latest updateMay 24

Description

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDfortinet/fortisandbox3.2.0 — 3.2.3+1

▶CVEListV5fortinet/fortinet_fortisandboxFortiSandbox before 4.0.0

🔴Vulnerability Details

GHSA

GHSA-grhw-h243-368j: Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4↗2022-05-24

▶

CVEList

CVE-2021-24014: Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4↗2021-08-04

▶

📋Vendor Advisories

Fortinet

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before...↗2021-08-04

▶