CVE-2015-7360

CVE Database · CVE-2015-7360

CVE-2015-7360

· N/AModified

CVSS v3.1

N/A

EPSS

1.54%

Published

May 26, 2016

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature."

Weaknesses (CWE)

CWE-79

Affected Products (2)

fortinet · fortisandbox

fortinet · fortisandbox_firmwarevulnerable

References (8)

http://fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortisandbox-webui

Vendor Advisory

http://hyp3rlinx.altervista.org/advisories/AS-FORTISANDBOX-0801.txt

http://packetstormsecurity.com/files/132930/FortiSandbox-3000D-2.02-build0042-Cross-Site-Scripting.html

http://www.securityfocus.com/archive/1/536124/100/0/threaded

http://fortiguard.com/advisory/multiple-xss-vulnerabilities-in-fortisandbox-webui

Vendor Advisory

http://hyp3rlinx.altervista.org/advisories/AS-FORTISANDBOX-0801.txt

http://packetstormsecurity.com/files/132930/FortiSandbox-3000D-2.02-build0042-Cross-Site-Scripting.html

http://www.securityfocus.com/archive/1/536124/100/0/threaded

KEV Catalog EPSS Scores Vendors All CVEs