CVE-2025-52436
CRITICAL
WAF: High
CVSS 9.6
Published: 2026-02-10
CWE-79
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, and FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests.
WAF Coverage Analysis
Cross-Site Scripting (XSS)
High WAF Coverage
OWASP: A03:2021 Injection
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortisandbox | 4.0.0 - 4.4.8 |
| fortinet | fortisandbox | 5.0.0 - 5.0.2 |
References
- fortiguard.fortinet.com (Vendor Advisory)