ID

VAR-202310-2391


CVE

CVE-2023-41836


TITLE

Cross-site scripting vulnerability in Fortinet's FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2023-015353

DESCRIPTION

An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. A cross-site scripting vulnerability exists in Fortinet's FortiSandbox. Information may be obtained and information may be tampered with.

Trust: 1.62

sources: NVD: CVE-2023-41836 // JVNDB: JVNDB-2023-015353

AFFECTED PRODUCTS

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.0.7

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.0.4

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: eq, version: 4.4.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.0.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.1.5

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 4.2.4

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.1.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 4.2.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 3.2.4

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 3.2.0

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lte, version: 4.0.4

Trust: 1.0

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 3.2.0 to 3.2.4

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 3.0.4 to 3.0.7

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 4.4.0

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 3.1.0 to 3.1.5

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: -

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 4.2.0 to 4.2.4

Trust: 0.8

vendor: フォーティネット, model: fortisandbox, scope: eq, version: 4.0.0 to 4.0.4

Trust: 0.8

sources: JVNDB: JVNDB-2023-015353 // NVD: CVE-2023-41836

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-41836
value: MEDIUM

Trust: 1.0

psirt@fortinet.com: CVE-2023-41836
value: LOW

Trust: 1.0

NVD: CVE-2023-41836
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2023-41836
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

psirt@fortinet.com: CVE-2023-41836
baseSeverity: LOW
baseScore: 3.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2023-41836
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-015353 // NVD: CVE-2023-41836 // NVD: CVE-2023-41836

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-015353 // NVD: CVE-2023-41836

PATCH

title: FG-IR-23-215, url: https://www.fortiguard.com/psirt/FG-IR-23-215

Trust: 0.8

sources: JVNDB: JVNDB-2023-015353

EXTERNAL IDS

db: NVD, id: CVE-2023-41836

Trust: 2.6

db: JVNDB, id: JVNDB-2023-015353

Trust: 0.8

sources: JVNDB: JVNDB-2023-015353 // NVD: CVE-2023-41836

REFERENCES

url: https://fortiguard.com/psirt/fg-ir-23-215

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2023-41836

Trust: 0.8

sources: JVNDB: JVNDB-2023-015353 // NVD: CVE-2023-41836

SOURCES

db: JVNDB, id: JVNDB-2023-015353
db: NVD, id: CVE-2023-41836

LAST UPDATE DATE

2024-08-14T14:54:27.763000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-015353, date: 2023-12-27T04:35:00
db: NVD, id: CVE-2023-41836, date: 2023-11-07T04:21:06.457

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-015353, date: 2023-12-27T00:00:00
db: NVD, id: CVE-2023-41836, date: 2023-10-13T15:15:44.183