← volver
CVE-2024-27781

CVE-2024-27781

CVSS 6.9 MEDIUMEPSS 22.0%CWE-79
An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:X/RC:X
Productos afectados
Fortinet · FortiSandbox

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://fortiguard.fortinet.com/psirt/FG-IR-24-063