CVE-2023-41844

CVE Database · CVE-2023-41844

CVE-2023-41844

· LOWModified

CVSS v3.1

3.5

EPSS

0.43%

Published

Dec 13, 2023

Modified

Jan 14, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0.4 and above allows attacker to execute unauthorized code or commands via crafted HTTP requests in capture traffic endpoint.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-79

Affected Products (8)

fortinet · fortisandboxvulnerable

References (2)

https://fortiguard.com/psirt/FG-IR-23-214

Vendor Advisory

https://fortiguard.com/psirt/FG-IR-23-214

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs