Multiple XSS vulnerabilities in FortiSandbox WebUI
The Web User Interface of FortiSandbox version 2.0.4 and below is vulnerable to multiple reflected Cross-Site Scripting vulnerabilities.
5 potential XSS vectors were identified:
* Fortiview threats by users search filtered by serial
* Fortiview threats by users search filtered by vdom
* Export report feature in the Fortiview search page
* Screenshot download generated by the VM scan feature
* PCAP file download generated by the VM scan feature
FortiSandbox 2.0.4 and lower.
Upgrade to FortiSandbox 2.1 or above.
Thanks to John Page.