CVE-2023-41680

Summary

CVE-2023-41680 is a vulnerability categorized as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). It affects Fortinet FortiSandbox versions 4.4.1, 4.4.0, 4.2.0 through 4.2.5, 4.0.0 through 4.0.3, 3.2.0 through 3.2.4, 3.1.0 through 3.1.5, 3.0.0 through 3.0.7, and 2.5.0 through 2.5. 2, as well as other related products like rMene and jHh7g series among others. The vulnerability allows an attacker to execute unauthorized code or commands by exploiting an improper neutralization of input during web page generation ('cross-site scripting') in the affected products. The risk score of this vulnerability is rated at 25 out of a possible maximum of 100. The base severity is classified as MEDIUM with a base score of 6.A potential danger to organizations lies in the possibility of attackers executing unauthorized code or commands using crafted HTTP requests. Remediation for this vulnerability should include updating the affected Fortinet FortiSandbox versions to the latest patched version provided by the vendor.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.