PSIRT Advisories

FortiSandbox - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Multiple instances of improper neutralization of input during web page generation (cross-site scripting, XSS) in FortiSandbox may allow an unauthenticated attacker to perform an XSS attack via specially crafted request parameters.

Affected Products

FortiSandbox 3.2.2 and below.
FortiSandbox 3.1.4 and below.

Solutions

Upgrade to version 4.0.0 or above.

Upgrade to version 3.2.3 or above.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT Team.