CVE-2015-7360 – FortiSandbox 3000D 2.02 build0042 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2015-7360

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature." Múltiples vulnerabilidades de XSS en la Web User Interface (WebUI) en Fortinet FortiSandbox en versiones anteriores a 2.1 permite a atacantes remotos inyectar secuencias de comandos web o HTLM arbitrarios a través del (1) parámetro serial para alerts/summary/profile/; (2) parámetro urlForCreatingReport para csearch/report/export/; (3) parámetro id para analysis/detail/download/screenshot; o vectores relacionados con (4) "amenazas Fortiview por el filtrado de búsqueda de usuarios por vdom" o (5) "descarga de archivo PCAP generada por la funcionalidad scan VM". FortiSandbox 3000D version 2.02 build004 suffers from a cross site scripting vulnerability. • http://fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortisandbox-webui http://hyp3rlinx.altervista.org/advisories/AS-FORTISANDBOX-0801.txt http://packetstormsecurity.com/files/132930/FortiSandbox-3000D-2.02-build0042-Cross-Site-Scripting.html http://www.securityfocus.com/archive/1/536124/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •