CVE-2015-7360 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature."
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
http://fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortisandbox-webui
http://hyp3rlinx.altervista.org/advisories/AS-FORTISANDBOX-0801.txt
http://packetstormsecurity.com/files/132930/FortiSandbox-3000D-2.02-build0042-Cross-Site-Scripting.html
http://www.securityfocus.com/archive/1/536124/100/0/threaded
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM