ID

VAR-202310-2290


CVE

CVE-2023-41680


TITLE

Cross-site scripting vulnerability in Fortinet FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2023-015360

DESCRIPTION

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox versions 4.4.1, 4.4.0, 4.2.0 through 4.2.5, 4.0.0 through 4.0.3, 3.2.0 through 3.2.4, 3.1.0 through 3.1.5, 3.0.0 through 3.0.7, 2.5.0 through 2.5.2, and 2.4.1 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. Fortinet FortiSandbox contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with.

Trust: 1.62

sources: NVD: CVE-2023-41680 // JVNDB: JVNDB-2023-015360

AFFECTED PRODUCTS

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.0.7

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 2.5.2

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.0.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 4.0.3

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: eq, version: 2.4.1

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 4.2.5

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.0.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.1.5

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 4.4.1

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.1.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.4.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.2.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 2.5.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.2.4

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.2.0

Trust: 1.0

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 4.0.0 to 4.0.3

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 3.2.0 to 3.2.4

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 2.4.1

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 3.0.0 to 3.0.7

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 3.1.0 to 3.1.5

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 4.4.0 to 4.4.1

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 2.5.0 to 2.5.2

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 4.2.0 to 4.2.5

Trust: 0.8

sources: JVNDB: JVNDB-2023-015360 // NVD: CVE-2023-41680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-41680
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2023-41680
value: HIGH

Trust: 1.0

NVD: CVE-2023-41680
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2023-41680
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2023-41680
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-41680
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-015360 // NVD: CVE-2023-41680 // NVD: CVE-2023-41680

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-015360 // NVD: CVE-2023-41680

PATCH

title: FG-IR-23-311, url: https://www.fortiguard.com/psirt/FG-IR-23-311

Trust: 0.8

sources: JVNDB: JVNDB-2023-015360

EXTERNAL IDS

db: NVD, id: CVE-2023-41680

Trust: 2.6

db: JVNDB, id: JVNDB-2023-015360

Trust: 0.8

sources: JVNDB: JVNDB-2023-015360 // NVD: CVE-2023-41680

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-23-311

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2023-41680

Trust: 0.8

sources: JVNDB: JVNDB-2023-015360 // NVD: CVE-2023-41680

SOURCES

db: JVNDB, id: JVNDB-2023-015360
db: NVD, id: CVE-2023-41680

LAST UPDATE DATE

2024-08-14T15:00:02.429000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-015360, date: 2023-12-27T04:37:00
db: NVD, id: CVE-2023-41680, date: 2023-11-07T04:21:04.683

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-015360, date: 2023-12-27T00:00:00
db: NVD, id: CVE-2023-41680, date: 2023-10-13T15:15:44