CVE-2025-52436

216.73.217.22

· Published 10/02/2026 16:16 · Modified 10/02/2026 21:52

Labels: CVE-2025-52436 2026-02-10 CVE-2025-52436 CWE-79 [email protected]

Essential information

Published: 10/02/2026 16:16
Modified: 10/02/2026 21:52
Author: —
Creator: —
CVSS: 8.8 HIGH (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS metrics

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
fortinet / fortisandbox	`cpe:2.3:a:fortinet:fortisandbox:5.0.0-5.0.1:::::::*`
fortinet / fortisandbox	`cpe:2.3:a:fortinet:fortisandbox:4.4.0-4.4.7:::::::*`
fortinet / fortisandbox	`cpe:2.3:a:fortinet:fortisandbox:4.2:::::::*`
fortinet / fortisandbox	`cpe:2.3:a:fortinet:fortisandbox:4.0:::::::*`