An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HFortinet Fortisandbox
APPFortinet4.0.0 – 4.4.8 (bez)5.0.0 – 5.0.2 (bez)
Powiązane podatności
Command injection w Fortinet FortiSandbox — dostęp bez uwierzytelnienia
Brak autoryzacji w Fortinet FortiSandbox umożliwia zdalne wykonanie kodu
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 ...
Command Injection w Fortinet FortiSandbox umożliwiający RCE
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [C...