FortiSandbox reflected XSS in the file scan component

Summary

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.

Affected Products

FortiSandbox 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2

Solutions

Upgrade to 3.0.0 or above.

Acknowledgement

Fortinet thanks Yasar Calay, Beyaz Bilgisayar Danmanlk, Hizmetleri Ltd.ti. for reporting this vulnerability.