Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2021-24014

Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters.

  • Published: Aug 4, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-24014
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
fortinet / fortisandbox - 3.1.4.x
fortinet / fortisandbox 3.2.0 3.2.3