CVE-2018-1356

Summary

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.

Affected Software

VendorProductVersion RangeStatus
FortinetFortiSandbox2.5.2affected
FortinetFortiSandbox2.5.1affected
FortinetFortiSandbox2.5.0affected
FortinetFortiSandbox2.4.1affected
FortinetFortiSandbox2.4.0affected

Weaknesses

  • Execute unauthorized code or commands

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References