cbcvebase.
CVE-2026-39812
published 2026-04-14

CVE-2026-39812: A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox…

medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via

Affected

15 ranges
VendorProductVersion rangeFixed in
fortinetfortinet
fortinetfortisandbox
fortinetfortisandbox4.2.0 – 4.2.8
fortinetfortisandbox4.2.1 – 4.2.8
fortinetfortisandbox>= 4.4.0 < 4.4.94.4.9
fortinetfortisandbox4.4.0 – 4.4.8
fortinetfortisandbox>= 5.0.0 < 5.0.65.0.6
fortinetfortisandbox5.0.0 – 5.0.4
fortinetfortisandbox_cloud
fortinetfortisandbox_cloud
fortinetfortisandbox_cloud22.2.4134 – 23.1.4260
fortinetfortisandbox_cloud23.3.4329 – 24.1.4436
fortinetfortisandbox_paas4.2.1 – 4.2.8
fortinetfortisandbox_paas4.4.0 – 4.4.8
fortinetfortisandbox_paas5.0.0 – 5.0.5