FortiSandbox - Reflected Cross Site Scripting (XSS) on download PDF report endpoint

Dec. 12, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiSandbox may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests.

attack attacker cross-site cross site scripting cwe download endpoint http http requests input may page pdf report requests scripting vulnerability web xss

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiAuthenticator - Open Redirect on /portal/disclaimer 2 weeks, 5 days ago | fortiguard.fortinet.com

attacker cwe disclaimer may +8

Exposure of password hashes to read-only admin 2 weeks, 5 days ago | fortiguard.fortinet.com

admin control cwe data +11

Double free with double usage of json_object_put 2 weeks, 5 days ago | fortiguard.fortinet.com

attacker code commands cwe +9

Format String Bug in cli command 2 weeks, 5 days ago | fortiguard.fortinet.com

amp arbitrary code arbitrary code execution attacker +19

Client IP relies on X-Forwarded-For and other headers 2 weeks, 5 days ago | fortiguard.fortinet.com

attack bypass client cwe +10

Buffer overflow in administrative interface 2 weeks, 5 days ago | fortiguard.fortinet.com

arbitrary code attacker buffer buffer overflow +13

Code injection in playbook code snippet step 2 weeks, 5 days ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +7

Client-side enforcement of server-side security related to customer reports features 2 weeks, 5 days ago | fortiguard.fortinet.com

access account attacker client +16

HTTP/2 CONTINUATION Frames Vulnerability 2 weeks, 5 days ago | fortiguard.fortinet.com

attack can connection crash +14

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com

all InfoSec news

FortiSandbox - Reflected Cross Site Scripting (XSS) on download PDF report endpoint

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

CyberSOC Technical Lead

Cyber Security Strategy Consultant

Cyber Security Senior Consultant

Sr. Product Manager

Corporate Intern - Information Security (Year Round)

Senior Offensive Security Engineer