ГлавнаяУязвимости → CVE-2024-27781
7.1высокая

CVE-2024-27781

→ есть в БДУ: BDU:2025-01616 (на русском)
Описание (на английском; русское — в БДУ выше)

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.4, FortiSandbox 4.2.1 through 4.2.6, FortiSandbox 4.0.0 through 4.0.4, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests.

Затрагиваемое ПО
Fortinet Fortisandbox
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Источники
https://fortiguard.fortinet.com/psirt/FG-IR-24-063