Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.4
Fortinet FortiSandbox: Malicious Web Requests Can Execute Code
CVE-2025-61886
Summary
An attacker can inject malicious code into FortiSandbox's web interface by sending a specially crafted HTTP request, potentially allowing them to take control of the system or steal sensitive information. This affects FortiSandbox versions 5.0.0 through 5.0.4. To protect your system, update to the latest version of FortiSandbox as soon as possible.
Original title
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 th...
Original description
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.
nvd CVSS3.1
5.4
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 14 Apr 2026 · Updated: 15 Apr 2026 · First seen: 14 Apr 2026