ID

VAR-202502-0405


CVE

CVE-2024-27781


TITLE

Cross-site scripting vulnerability in Fortinet's FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2024-026426

DESCRIPTION

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox, at least versions 4.4.0 through 4.4.4, 4.2.0 through 4.2.6, 4.0.0 through 4.0.4, 3.2.0 through 3.2.4, 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7, allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests. Fortinet's FortiSandbox contains a cross-site scripting vulnerability. Information may be obtained or tampered with, and service operation may be interrupted, leaving the product in a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2024-27781 // JVNDB: JVNDB-2024-026426

AFFECTED PRODUCTS

vendor: fortinet // model: fortisandbox // scope: gte // version: 4.2.0

Trust: 1.0

vendor: fortinet // model: fortisandbox // scope: gte // version: 4.4.0

Trust: 1.0

vendor: fortinet // model: fortisandbox // scope: lt // version: 4.4.5

Trust: 1.0

vendor: fortinet // model: fortisandbox // scope: lt // version: 4.2.7

Trust: 1.0

vendor: fortinet // model: fortisandbox // scope: gte // version: 3.0.0

Trust: 1.0

vendor: fortinet // model: fortisandbox // scope: lt // version: 4.0.5

Trust: 1.0

vendor: Fortinet // model: fortisandbox // scope: eq // version: -

Trust: 0.8

vendor: Fortinet // model: fortisandbox // scope: eq // version: 4.4.0 or later, before 4.4.5

Trust: 0.8

vendor: Fortinet // model: fortisandbox // scope: eq // version: 4.2.0 or later, before 4.2.7

Trust: 0.8

vendor: Fortinet // model: fortisandbox // scope: eq // version: 3.0.0 or later, before 4.0.5

Trust: 0.8

sources: JVNDB: JVNDB-2024-026426 // NVD: CVE-2024-27781

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2024-27781
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-27781
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-27781
value: CRITICAL

Trust: 0.8

psirt@fortinet.com: CVE-2024-27781
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-27781
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2024-27781
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-026426 // NVD: CVE-2024-27781 // NVD: CVE-2024-27781

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.0

problemtype: Cross-site scripting (CWE-79) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-026426 // NVD: CVE-2024-27781

PATCH

title: FG-IR-24-063 // url: https://fortiguard.fortinet.com/psirt/FG-IR-24-063

Trust: 0.8

sources: JVNDB: JVNDB-2024-026426

EXTERNAL IDS

db: NVD // id: CVE-2024-27781

Trust: 2.6

db: JVNDB // id: JVNDB-2024-026426

Trust: 0.8

sources: JVNDB: JVNDB-2024-026426 // NVD: CVE-2024-27781

REFERENCES

url: https://fortiguard.fortinet.com/psirt/fg-ir-24-063

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2024-27781

Trust: 0.8

sources: JVNDB: JVNDB-2024-026426 // NVD: CVE-2024-27781

SOURCES

db: JVNDB // id: JVNDB-2024-026426
db: NVD // id: CVE-2024-27781

LAST UPDATE DATE

2025-07-28T23:35:41.697000+00:00


SOURCES UPDATE DATE

db: JVNDB // id: JVNDB-2024-026426 // date: 2025-07-25T01:40:00
db: NVD // id: CVE-2024-27781 // date: 2025-07-22T21:37:00.010

SOURCES RELEASE DATE

db: JVNDB // id: JVNDB-2024-026426 // date: 2025-07-25T00:00:00
db: NVD // id: CVE-2024-27781 // date: 2025-02-11T17:15:21.980