ID
VAR-202604-3550
CVE
CVE-2026-39812
TITLE
fortinet's FortiSandbox Cross-site scripting vulnerabilities in multiple products, including
Trust: 0.8
DESCRIPTION
A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8, FortiSandbox PaaS 4.2 all versions may allow attacker to execute unauthorized code or commands via <insert attack vector here>. This vulnerability allows an attacker to... insert attack vector here It may be possible to execute malicious code or commands through this.Some of the information handled by the software may be leaked to the outside. Also, some of the information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks exploiting this vulnerability may affect other software
Trust: 1.62
AFFECTED PRODUCTS
| vendor: | fortinet | model: | fortisandbox cloud | scope: | lte | version: | 24.1.4436 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | gte | version: | 4.2.0 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox cloud | scope: | lte | version: | 23.1.4260 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox cloud | scope: | gte | version: | 23.3.4329 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | lte | version: | 4.2.8 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | gte | version: | 4.4.0 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox cloud | scope: | eq | version: | 5.0.5 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox cloud | scope: | gte | version: | 22.2.4134 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | lt | version: | 4.4.9 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox cloud | scope: | eq | version: | 5.0.4 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | lt | version: | 5.0.6 | Trust: 1.0 |
| vendor: | fortinet | model: | fortisandbox | scope: | gte | version: | 5.0.0 | Trust: 1.0 |
| vendor: | フォーティネット | model: | fortisandbox | scope: | - | version: | - | Trust: 0.8 |
| vendor: | フォーティネット | model: | fortisandbox cloud | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.0 |
| problemtype: | Cross-site scripting (CWE-79) [ others ] | Trust: 0.8 |
PATCH
| title: | PSIRT | FortiGuard Labs | url: | https://fortiguard.fortinet.com/psirt/FG-IR-26-110 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2026-39812 | Trust: 2.6 |
| db: | JVNDB | id: | JVNDB-2026-012090 | Trust: 0.8 |
REFERENCES
| url: | https://fortiguard.fortinet.com/psirt/fg-ir-26-110 | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2026-39812 | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2026-012090 |
| db: | NVD | id: | CVE-2026-39812 |
LAST UPDATE DATE
2026-06-19T22:41:02.527000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2026-012090 | date: | 2026-04-23T01:11:00 |
| db: | NVD | id: | CVE-2026-39812 | date: | 2026-04-21T17:12:33.610 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2026-012090 | date: | 2026-04-23T00:00:00 |
| db: | NVD | id: | CVE-2026-39812 | date: | 2026-04-14T16:16:45.490 |