Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
5DescriptionCVE.org
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.
AnalysisAI
Reflected cross-site scripting (XSS) in Fortinet FortiSandbox and FortiSandbox PaaS versions 5.0.0 through 5.0.4 allows unauthenticated remote attackers to inject malicious scripts via crafted HTTP requests. Exploitation requires user interaction (clicking a malicious link), resulting in session hijacking, credential theft, or malware distribution to administrators accessing the FortiSandbox web interface. No public exploit code or active exploitation has been confirmed at time of analysis.
Technical ContextAI
FortiSandbox is Fortinet's file sandboxing and threat analysis platform deployed in security infrastructure to isolate and detonate suspicious files. The vulnerability exists in the web application's input validation layer during HTTP request processing, where user-supplied parameters are reflected in HTML responses without proper output encoding or sanitization. This is a classic reflected XSS (CWE-79: Improper Neutralization of Input During Web Page Generation), where the application fails to escape HTML metacharacters, allowing attackers to break out of data context and inject arbitrary JavaScript. The affected CPE products (cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:* and cpe:2.3:a:fortinet:fortisandbox_paas:*:*:*:*:*:*:*:*) indicate the vulnerability spans both on-premises FortiSandbox deployments and the cloud-hosted PaaS variant, both critical in enterprise threat detection workflows.
RemediationAI
Upgrade FortiSandbox and FortiSandbox PaaS to version 5.0.5 or later as released by Fortinet. Organizations unable to upgrade immediately should restrict web interface access to trusted networks via firewall rules, disable remote management if not required, and monitor access logs for suspicious HTTP requests containing script tags or HTML entities in parameters. For cloud-hosted PaaS deployments, contact Fortinet Support to confirm patching status of your tenant. Detailed remediation guidance is available at https://fortiguard.fortinet.com/psirt/FG-IR-26-109.
Fortinet FortiWeb contains a relative path traversal allowing unauthenticated attackers to execute administrative comman
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Fortinet FortiWeb contains an authenticated OS command injection allowing privilege escalation to execute unauthorized c
Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; FortiSwitch 3.3.x before 3.3.3; FortiCache 3.0.x before 3.0
Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9
A product has a SQL injection vulnerability enabling unauthenticated database compromise through improperly neutralized
Remote code execution in Fortinet FortiClientEMS versions 7.4.5 through 7.4.6 allows unauthenticated attackers to execut
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in
Fortinet FortiAnalyzer and FortiManager contain a critical authentication bypass vulnerability (CVE-2026-24858, CVSS 9.8
Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to
The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7,
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209455
GHSA-pr8g-5jxw-8fhj