ID

VAR-202604-2837


CVE

CVE-2025-61886


TITLE

Cross-site scripting vulnerability in multiple Fortinet products, including FortiSandbox

Trust: 0.8

sources: JVNDB: JVNDB-2026-012332

DESCRIPTION

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.4 and FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests. Some of the information handled by the software may be leaked to the outside, and some of it may be rewritten. The software will not stop, and attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2025-61886 // JVNDB: JVNDB-2026-012332

AFFECTED PRODUCTS

vendor: fortinet, model: fortisandbox cloud, scope: eq, version: 5.0.4

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: lt, version: 5.0.5

Trust: 1.0

vendor: fortinet, model: fortisandbox, scope: gte, version: 5.0.0

Trust: 1.0

vendor: Fortinet, model: fortisandbox cloud, scope: -, version: -

Trust: 0.8

vendor: Fortinet, model: fortisandbox, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-012332 // NVD: CVE-2025-61886

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@fortinet.com: CVE-2025-61886
value: MEDIUM

Trust: 1.0

OTHER: JVNDB-2026-012332
value: MEDIUM

Trust: 0.8

psirt@fortinet.com: CVE-2025-61886
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

OTHER: JVNDB-2026-012332
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-012332 // NVD: CVE-2025-61886

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-012332 // NVD: CVE-2025-61886

PATCH

title: PSIRT | FortiGuard Labs, url: https://fortiguard.fortinet.com/psirt/FG-IR-26-109

Trust: 0.8

sources: JVNDB: JVNDB-2026-012332

EXTERNAL IDS

db: NVD, id: CVE-2025-61886

Trust: 2.6

db: JVNDB, id: JVNDB-2026-012332

Trust: 0.8

sources: JVNDB: JVNDB-2026-012332 // NVD: CVE-2025-61886

REFERENCES

url:https://fortiguard.fortinet.com/psirt/fg-ir-26-109

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2025-61886

Trust: 0.8

sources: JVNDB: JVNDB-2026-012332 // NVD: CVE-2025-61886

SOURCES

db: JVNDB, id: JVNDB-2026-012332
db: NVD, id: CVE-2025-61886

LAST UPDATE DATE

2026-06-19T23:19:08.621000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-012332, date: 2026-04-24T02:34:00
db: NVD, id: CVE-2025-61886, date: 2026-04-22T19:09:04.987

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-012332, date: 2026-04-24T00:00:00
db: NVD, id: CVE-2025-61886, date: 2026-04-14T16:16:31.800