4.8
CVE-2026-39812
- EPSS 0.04%
- Veröffentlicht 14.04.2026 15:38:18
- Zuletzt bearbeitet 21.04.2026 17:12:33
- Quelle psirt@fortinet.com
- CVE-Watchlists
- Unerledigt
A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fortinet ≫ Fortisandbox Version >= 4.2.0 <= 4.2.8
Fortinet ≫ Fortisandbox Version >= 4.4.0 < 4.4.9
Fortinet ≫ Fortisandbox Version >= 5.0.0 < 5.0.6
Fortinet ≫ Fortisandbox Cloud Version >= 22.2.4134 <= 23.1.4260
Fortinet ≫ Fortisandbox Cloud Version >= 23.3.4329 <= 24.1.4436
Fortinet ≫ Fortisandbox Cloud Version5.0.4
Fortinet ≫ Fortisandbox Cloud Version5.0.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.104 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@fortinet.com | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.