ID

VAR-202310-2081


CVE

CVE-2023-41681


TITLE

fortinet's  FortiSandbox  Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-015358

DESCRIPTION

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. fortinet's FortiSandbox Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

Trust: 1.62

sources: NVD: CVE-2023-41681 // JVNDB: JVNDB-2023-015358

AFFECTED PRODUCTS

vendor:fortinetmodel:fortisandboxscope:lteversion:3.0.7

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:lteversion:2.5.2

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:gteversion:3.0.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:lteversion:4.0.3

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:eqversion:2.4.1

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:lteversion:4.2.5

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:gteversion:4.0.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:lteversion:3.1.5

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:lteversion:4.4.1

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:gteversion:3.1.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:gteversion:4.4.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:gteversion:4.2.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:gteversion:2.5.0

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:lteversion:3.2.4

Trust: 1.0

vendor:fortinetmodel:fortisandboxscope:gteversion:3.2.0

Trust: 1.0

vendor:フォーティネットmodel:fortisandboxscope:eqversion:4.0.0 to 4.0.3

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion:3.2.0 to 3.2.4

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion:2.4.1

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion:3.0.0 to 3.0.7

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion:3.1.0 to 3.1.5

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion: -

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion:4.4.0 to 4.4.1

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion:2.5.0 to 2.5.2

Trust: 0.8

vendor:フォーティネットmodel:fortisandboxscope:eqversion:4.2.0 to 4.2.5

Trust: 0.8

sources: JVNDB: JVNDB-2023-015358 // NVD: CVE-2023-41681

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-41681
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2023-41681
value: HIGH

Trust: 1.0

NVD: CVE-2023-41681
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2023-41681
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2023-41681
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-41681
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-015358 // NVD: CVE-2023-41681 // NVD: CVE-2023-41681

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-015358 // NVD: CVE-2023-41681

PATCH

title:FG-IR-23-311url:https://www.fortiguard.com/psirt/FG-IR-23-311

Trust: 0.8

sources: JVNDB: JVNDB-2023-015358

EXTERNAL IDS

db:NVDid:CVE-2023-41681

Trust: 2.6

db:JVNDBid:JVNDB-2023-015358

Trust: 0.8

sources: JVNDB: JVNDB-2023-015358 // NVD: CVE-2023-41681

REFERENCES

url:https://fortiguard.com/psirt/fg-ir-23-311

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2023-41681

Trust: 0.8

sources: JVNDB: JVNDB-2023-015358 // NVD: CVE-2023-41681

SOURCES

db:JVNDBid:JVNDB-2023-015358
db:NVDid:CVE-2023-41681

LAST UPDATE DATE

2024-08-14T14:09:45.904000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-015358date:2023-12-27T04:36:00
db:NVDid:CVE-2023-41681date:2023-11-07T04:21:04.867

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-015358date:2023-12-27T00:00:00
db:NVDid:CVE-2023-41681date:2023-10-13T15:15:44.060