CVE-2025-52436
Published 2026-02-10

CVE-2025-52436: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0…

Priority: P2 · 63 · critical 9.6 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 7.45% (93.7th percentile)
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, and FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortisandbox | — | — |
| fortinet | fortisandbox | >= 4.0.0 < 4.4.8 | 4.4.8 |
| fortinet | fortisandbox | 4.0.0 – 4.0.6 | — |
| fortinet | fortisandbox | 4.2.1 – 4.2.8 | — |
| fortinet | fortisandbox | 4.4.0 – 4.4.7 | — |
| fortinet | fortisandbox | >= 5.0.0 < 5.0.2 | 5.0.2 |
| fortinet | fortisandbox | 5.0.0 – 5.0.1 | — |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered via browser back-button navigation in the FortiSandbox web UI: monitor for crafted HTTP requests to the FortiSandbox web interface that carry XSS payloads in URL or Referer parameters associated with back-navigation.
- The exploitation vector is unauthenticated; no session or authentication token is required. Look for XSS payloads in requests from unauthenticated sources to the FortiSandbox web management interface.
- Affected versions span a wide range (FortiSandbox 5.0.0–5.0.1, 4.4.0–4.4.7, all of 4.2.x, and all of 4.0.x); confirm the version scope before scoping detection rules.
- A CVSS score of 8.8 (High) with an unauthenticated attack vector elevates urgency; exposing the FortiSandbox web management interface to untrusted networks significantly increases risk.
Source: Fortinet advisory FG-IR-25-093, "XSS via back button" (vendor_fortinet, 2026-02-10)
- CVE-2025-52436 [HIGH], CWE-79
- CVSS: 8.8 (high)
- Affected products: FortiSandbox, Fortinet
- Description: as given above (same vendor text).
Source: GHSA-chwm-wv7v-hv3q (ghsa_unreviewed, 2026-02-10)
- CVE-2025-52436 [HIGH], CWE-79
- Title: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox
- Description: as given above (same vendor text).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-02-10