Multiple XSS vulnerabilities in FortiSandbox WebUI
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-15-019
Final
1
1
2015-07-24T00:00:00
Current version
2015-07-24T00:00:00
2015-07-24T00:00:00
None
The Web User Interface of FortiSandbox version 2.0.4 and below is affected by multiple reflected Cross-Site Scripting (XSS) vulnerabilities. 5 potential XSS vectors were identified:
* Fortiview threats by users search filtered by serial
* Fortiview threats by users search filtered by vdom
* Export report feature in the Fortiview search page
* Screenshot download generated by the VM scan feature
* PCAP file download generated by the VM scan feature
XSS
FortiSandbox 2.0.4 and lower.
Upgrade to FortiSandbox 2.1 or above.
Thanks to John Page.
CVE-2015-7360
https://fortiguard.fortinet.com/psirt/FG-IR-15-019