FortiSandbox - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')


Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters.

Affected Products

FortiSandbox 3.2.2 and below.
FortiSandbox 3.1.4 and below.


Upgrade to version 4.0.0 or above.

Upgrade to version 3.2.3 or above.


Internally discovered and reported by Giuseppe Cocomazzi of the Fortinet PSIRT Team.