A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/107838 | Third Party Advisory VDB Entry |
| https://fortiguard.com/advisory/FG-IR-18-024 | Vendor Advisory |
| http://www.securityfocus.com/bid/107838 | Third Party Advisory VDB Entry |
| https://fortiguard.com/advisory/FG-IR-18-024 | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:59
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.securityfocus.com/bid/107838 - Third Party Advisory, VDB Entry | |
| References | () https://fortiguard.com/advisory/FG-IR-18-024 - Vendor Advisory |
Information
Published : 2019-04-09 21:29
Updated : 2024-11-21 03:59
NVD link : CVE-2018-1356
Mitre link : CVE-2018-1356
CVE.ORG link : CVE-2018-1356
JSON object : View
Products Affected
fortinet
- fortisandbox
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')