CVE-2024-27781

Published Feb 11, 2025

Last updated 17 days ago

CVSS high 7.1

Overview

Description
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox at least versions 4.4.0 through 4.4.4 and 4.2.0 through 4.2.6 and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests.
Source
psirt@fortinet.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.1
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@fortinet.com
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2024-27781 An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox at least versions 4.4.0 through 4.4.4 and 4.2.0 throu… https://t.co/62hHd6VHhK

    @CVEnew

    11 Feb 2025

    113 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References