CNNVD-202512-1223 Information
CNNVD ID
CNNVD-202512-1223
Related CVE
- CNNVD Published: 2025-12-09
Description (Chinese)
Fortinet FortiSandbox是美国飞塔(Fortinet)公司的一款APT(高级持续性威胁)防护设备。该设备提供双重沙盒技术、动态威胁智能系统、实时控制面板和报告等功能。 Fortinet FortiSandbox 5.0.0版本至5.0.2版本、4.4.0版本至4.4.7版本、4.2所有版本和4.0所有版本存在跨站脚本漏洞,该漏洞源于HTTP请求中和不当,可能导致跨站脚本攻击。
Description (English)
Fortinet FortiSandbox is an APT (Advanced Continuing Threat) protection unit of Fortinet. The equipment provides dual sandbox technology, dynamic threat intelligence systems, real-time control panels and reporting. Fortinet FortiSandbox version 5.0.0 to 5.0.2, version 4.4.0 to version 4.4.7, all version 4.2 and all version 4.0 have a cross-site script loophole, which originates from an inappropriate combination of HTTP requests and may result in a cross-site script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
飞塔
Published
2025-12-09
Last Modified
2026-02-24
References
https://fortiguard.fortinet.com/psirt/FG-IR-25-477 https://access.redhat.com/security/cve/cve-2025-54353
Patch
https://fortiguard.fortinet.com/psirt/FG-IR-25-477
Share on: