Vulnerabilities > Fortinet > Fortisandbox > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-41844 Cross-site Scripting vulnerability in Fortinet Fortisandbox
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.4 allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint.
network
low complexity
fortinet CWE-79
5.4
5.4
2023-12-13 CVE-2023-45587 Cross-site Scripting vulnerability in Fortinet Fortisandbox
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 allows attacker to execute unauthorized code or commands via crafted HTTP requests
network
low complexity
fortinet CWE-79
5.4
5.4
2023-10-13 CVE-2023-41680 Cross-site Scripting vulnerability in Fortinet Fortisandbox
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
network
low complexity
fortinet CWE-79
6.1
6.1
2023-10-13 CVE-2023-41681 Cross-site Scripting vulnerability in Fortinet Fortisandbox
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
network
low complexity
fortinet CWE-79
6.1
6.1
2023-10-13 CVE-2023-41836 Cross-site Scripting vulnerability in Fortinet Fortisandbox
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
network
low complexity
fortinet CWE-79
6.1
6.1
2023-10-13 CVE-2023-41843 Cross-site Scripting vulnerability in Fortinet Fortisandbox
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
network
low complexity
fortinet CWE-79
5.4
5.4
2023-09-01 CVE-2022-22305 Improper Certificate Validation vulnerability in Fortinet products
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers.
high complexity
fortinet CWE-295
4.2
4.2
2023-04-11 CVE-2022-27485 SQL Injection vulnerability in Fortinet Fortisandbox
A improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request.
network
low complexity
fortinet CWE-89
6.5
6.5
2022-04-06 CVE-2020-29013 Improper Input Validation vulnerability in Fortinet Fortisandbox
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests.
network
low complexity
fortinet CWE-20
5.5
5.5
2021-12-08 CVE-2021-32591 Unspecified vulnerability in Fortinet products
A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail 7.0.1 and earlier may allow an attacker in possession of the password store to compromise the confidentiality of the encrypted secrets.
network
high complexity
fortinet
5.3
5.3