A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>
oryginał ENCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NFortinet Fortisandbox
APPFortinet5.0.0 – 5.0.6 (bez)4.2.0 – 4.2.84.4.0 – 4.4.9 (bez)Fortinet Fortisandbox Cloud
APPFortinet5.0.45.0.522.2.4134 – 23.1.426023.3.4329 – 24.1.4436
Powiązane podatności
Command injection w Fortinet FortiSandbox — dostęp bez uwierzytelnienia
Brak autoryzacji w Fortinet FortiSandbox umożliwia zdalne wykonanie kodu
A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 ...
Command Injection w Fortinet FortiSandbox umożliwiający RCE
An improper neutralization of special elements used in an os command ('os command injection') vulnerability in...