An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an attacker to perform an XSS attack via crafted HTTP requests.
References
| Link | Resource |
|---|---|
| https://fortiguard.fortinet.com/psirt/FG-IR-25-477 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
09 Dec 2025, 20:10
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Fortinet
Fortinet fortisandbox |
|
| CPE | cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:* | |
| References | () https://fortiguard.fortinet.com/psirt/FG-IR-25-477 - Vendor Advisory |
09 Dec 2025, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-09 18:15
Updated : 2025-12-09 20:10
NVD link : CVE-2025-54353
Mitre link : CVE-2025-54353
CVE.ORG link : CVE-2025-54353
JSON object : View
Products Affected
fortinet
- fortisandbox
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')