FortiSandbox reflected XSS in the file scan component
A reflected cross-site scripting (XSS) vulnerability in Fortinet FortiSandbox may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.
Impact: Execute unauthorized code or commands
Affected products: FortiSandbox 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2
Solution: Upgrade to 3.0.0 or above.
Fortinet thanks Yasar Calay, Beyaz Bilgisayar Danışmanlık, Hizmetleri Ltd.Şti. for reporting this vulnerability.
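For developers who maintain their own "return to previous page" parameters, the sketch below shows one defensive way to handle a value such as back_url before reflecting it into a page. It is an added example, not Fortinet's code or the fix shipped in 3.0.0; the function names, the "/" fallback and the sample inputs are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit

DEFAULT_BACK = "/"   # hypothetical fallback page
MAX_LEN = 2048       # assumed upper bound for a return path


def safe_back_url(value, default=DEFAULT_BACK):
    """Return value only if it is a same-site absolute path, else default."""
    if not value or len(value) > MAX_LEN:
        return default
    # Control characters and backslashes are normalised differently by
    # browsers and servers, so they are rejected outright.
    if "\\" in value or any(ord(c) < 0x20 or c == "\x7f" for c in value):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:          # e.g. malformed IPv6 literal in the host part
        return default
    # A scheme (javascript:, data:, http:) or a host (//other.example)
    # means the value is not a local path.
    if parts.scheme or parts.netloc:
        return default
    if not value.startswith("/") or value.startswith("//"):
        return default
    return value


def render_back_link(raw_back_url):
    """Build the link markup; the value is escaped for an HTML attribute."""
    target = safe_back_url(raw_back_url)
    return '<a href="{}">Back</a>'.format(html.escape(target, quote=True))


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    samples = [
        "/job/list?page=2",
        "javascript:alert(1)",
        "//other.example/",
        '/x"><script>alert(1)</script>',
    ]
    for s in samples:
        print(repr(s), "->", render_back_link(s))
```

Validation and output encoding are both applied: the last sample passes the path check because it is a local path, and only the attribute escaping keeps it inert.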