CVE-2025-61886

Severity
5.4 MEDIUM
EPSS
No EPSS data
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 14

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.4 and FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.5

Affected Packages (2 packages)

CVEListV5 | fortinet/fortisandbox_paas | 5.0.0 through 5.0.4
CVEListV5 | fortinet/fortisandbox | 5.0.0 through 5.0.4

🔴 Vulnerability Details

1
CVEList
CVE-2025-61886: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox (2026-04-14)

📋 Vendor Advisories

1
Fortinet
Reflected XSS in Operation Center (2026-04-14)
CVE-2025-61886 (MEDIUM CVSS 5.4) | An Improper Neutralization of Input | cvebase.io