CVE-2026-39812: Cross-site Scripting in Fortinet FortiSandbox

Severity: 4.8 MEDIUM (NVD)
EPSS: 0.0% (top 92.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 14

Description

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow an attacker to execute unauthorized code or commands via

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5 | fortinet/fortisandbox_paas | 5.0.0 | 5.0.5 | +2
CVEListV5 | fortinet/fortisandbox | 5.0.0 | 5.0.4 | +2

Vulnerability Details (2)

CVEList: CVE-2026-39812: An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5 (2026-04-14)
GHSA: GHSA-9q3x-6267-mffc: An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5 (2026-04-14)

Vendor Advisories (1)

Fortinet: Multiple Stored XSS (2026-04-14)