
Rewterz Threat Advisory – CVE-2018-1356 – Fortinet FortiSandbox “back_url” Cross-Site Scripting Vulnerability

Severity

Medium

Analysis Summary

CVE-2018-1356

Input passed via the “back_url” parameter in the file scan component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.

Impact

Cross Site Scripting

Affected Vendors

Fortinet

Affected Products

Fortinet FortiSandbox 2.x

Remediation

Upgrade to version 3.0.0 or later.
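
Web or proxy access logs can also be reviewed for requests whose “back_url” value carries markup rather than a plain return path. The script below is an added example, not part of the original advisory or any Fortinet code; it assumes the parameter appears in the query string of a combined-format access log, and the request path and sample lines are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters and schemes a legitimate return path has no reason to contain.
MARKUP_RE = re.compile(r'[<>"\'`]|javascript:|data:|vbscript:|\bon\w+\s*=', re.I)

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_back_url(line):
    """Return the decoded back_url value if it looks like injected markup, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    query = urlsplit(match.group("target")).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() != "back_url":
            continue
        decoded = decode_fully(value)
        # Flag markup characters, script-capable schemes, or an absolute/off-site URL.
        if MARKUP_RE.search(decoded) or decoded.startswith("//") or "://" in decoded:
            return decoded
    return None

# Constructed sample lines; the path /scan/placeholder is hypothetical.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Apr/2019:10:00:01 +0000] "GET /scan/placeholder?back_url=%2Fjob%2Flist HTTP/1.1" 200 512',
    '192.0.2.11 - - [05/Apr/2019:10:00:07 +0000] "GET /scan/placeholder?back_url=%22%3E%3Csvg%20onload%3D1%3E HTTP/1.1" 200 733',
    '192.0.2.12 - - [05/Apr/2019:10:00:09 +0000] "GET /scan/placeholder?back_url=%2522%253E%253Cb%253E HTTP/1.1" 200 701',
    '192.0.2.13 - - [05/Apr/2019:10:00:12 +0000] "GET /index.html HTTP/1.1" 200 90',
]

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    checked = ((n, suspicious_back_url(l)) for n, l in enumerate(lines, start=1))
    return [(n, v) for n, v in checked if v is not None]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: back_url={value!r}")
```

A hit is a lead for review, not proof of exploitation: the check only shows that a request carried markup or an off-site URL in the parameter.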