Security News

Cybersecurity news aggregator

🛡️
MEDIUM Vulnerabilities Fortinet PSIRT

XSS via back button

fortinetxss
  • What: A cross-site scripting (XSS) vulnerability exists in FortiSandbox due to improper neutralization of input during web page generation.
  • Impact: An unauthenticated attacker may execute commands via crafted requests.
  • Affected: FortiSandbox PaaS versions 4.4.0 through 4.4.7 and 5.0.0 through 5.0.1.
  • Patch: Upgrade to FortiSandbox 5.0.2 or above, or 4.4.8 or above.
Read Full Article →

PSIRT XSS via back button Summary An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiSandbox may allow an unauthenticated attacker to execute commands via crafted requests. FortiSandbox PaaS versions 4.4.8 and 5.0.5 contains the fix for this vulnerability. Version Affected Solution FortiSandbox 5.0 5.0.0 through 5.0.1 Upgrade to 5.0.2 or above FortiSandbox 4.4 4.4.0 through 4.4.7 Upgrade to 4.4.8 or above FortiSandbox 4.2 4.2 all versions Migrate to a fixed release FortiSandbox 4.0 4.0 all versions Migrate to a fixed release Acknowledgement Internally reported and discovered by Jaguar Perlas of Burnaby Infosec team. Timeline 2026-02-10: Initial publication

Related Articles

MEDIUM FortiSandbox XSS Vulnerability Let Attackers Run Arbitrary Commands Web Discovery HIGH FortiSandbox XSS Vulnerability Leads to Unauthorized Control and Information Disclosure - Advisories Web Discovery MEDIUM FortiSandbox XSS Vulnerability Allows Remote Command Execution | eSecurity Planet Web Discovery HIGH CVE-2025-52436: Execute unauthorized code or commands in Fortinet FortiSandbox - Live Threat Intelligence - Threat Radar | OffSeq.com Web Discovery
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn