PSIRT Advisories

FortiSandbox reflected XSS in the file scan component


A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiSandbox may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.

Affected Products

FortiSandbox 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2


Upgrade to FortiSandbox 3.0.0 or above.


Fortinet thanks Yasar Calay, Beyaz Bilgisayar Danışmanlık, Hizmetleri Ltd.Şti. for reporting this vulnerability.
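
For appliances that cannot be upgraded immediately, one way to review web or proxy logs for requests that abuse the back_url parameter is sketched below. This is an added example, not Fortinet code: the access-log format, the `/placeholder/scan` path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Markup characters and script-capable schemes have no place in a return path.
SUSPICIOUS = re.compile(r"[<>\"'`]|^\s*(javascript|data|vbscript):", re.I)
# Request line as it appears in common/combined access-log format (assumed).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines; the path is a placeholder, not a real product URL
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /placeholder/scan?back_url=/placeholder/jobs HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /placeholder/scan?back_url=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 530',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /placeholder/scan?back_url=//other.example/x HTTP/1.1" 200 498',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def back_url_findings(log_lines):
    """Return (line_number, decoded back_url, reason) for suspicious requests."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs decodes once; fully_decode handles any further layers.
        for raw in parse_qs(query).get("back_url", []):
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                findings.append((number, value, "markup or script scheme"))
            elif urlsplit(value).netloc or not value.startswith("/"):
                findings.append((number, value, "not a local path"))
    return findings

if __name__ == "__main__":
    for finding in back_url_findings(SAMPLE_LOG):
        print(finding)
```

A hit only shows that a crafted link was requested; whether it executed in a user's browser still depends on the FortiSandbox version that served the response.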