CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
18.6%
A improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
Vendor | Product | Version | CPE |
---|---|---|---|
fortinet | fortisandbox | * | cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:* |
fortinet | fortisandbox | 2.4.1 | cpe:2.3:a:fortinet:fortisandbox:2.4.1:*:*:*:*:*:*:* |