- Description
- An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an unauthenticated attacker to execute commands via crafted requests.
- Source
- psirt@fortinet.com
- NVD status
- Analyzed
- Products
- fortisandbox
CVSS 3.1
- Type
- Primary
- Base score
- 9.6
- Impact score
- 6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@fortinet.com
- CWE-79
- Hype score
- Not currently trending
⚠️ Vulnerabilities in Fortinet products ❗ CVE-2026-22153 ❗ CVE-2025-52436 ➡️ More info: https://t.co/YSwgJUuHhp https://t.co/AGcsLdJu8O
@CERTpy
13 Feb 2026
@Fortinet has issued advisories to address vulnerabilities in its products, including two high-severity vulnerabilities that require an urgent update: - CVE-2025-52436, with a CVSS rating of 7.9. - CVE-2026-22153, with
@cyberscastx
11 Feb 2026
Fortinet discloses high-severity XSS vulnerability (CVE-2025-52436) in FortiSandbox, allowing unauthenticated command execution. Immediate patching recommended. Link: https://t.co/ZPwX3v9Z1F #Cybersecurity #Vulnerability #Fortinet #Security #XSS #Exploitation #Patch #Software htt
@dailytechonx
11 Feb 2026
🚨 FortiSandbox [High] Feb 11, 2026 Comprehensive security advisory on recent vulnerabilities, risk impacts, and mitigation guidance for FortiSandbox, including details of CVE-2025-52436 published within the last 10 days. Checkout our Threat Intelligence Platform:... https://t.
@transilienceai
11 Feb 2026
[CVE-2025-52436: HIGH] Fortinet FortiSandbox versions 5.0.0 to 5.0.1, 4.4.0 to 4.4.7, 4.2, and 4.0 are vulnerable to a 'Cross-site Scripting' flaw (CWE-79), enabling remote attackers to execute commands.#cve,CVE-2025-52436,#cybersecurity https://t.co/Hkcm9BkBj6
@CveFindCom
10 Feb 2026
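It has been disclosed that Fortinet's sandbox product "FortiSandbox" contains a serious cross-site scripting (XSS) vulnerability. This vulnerability is tracked as CVE-2025-52436, and the CVSS score indicating its severity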
@omomuki_tech
10 Feb 2026
🟠 CVE-2025-52436 - High An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 t... https://t.co/G43x2BJ6a8 https://t.co/eUFDqhaY73
@TheHackerWire
10 Feb 2026
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C0B145A7-83A1-4ED2-A9DC-109CAB0AB217",
            "versionEndExcluding": "4.4.8",
            "versionStartIncluding": "4.0.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "42640C50-5490-4B50-840B-D35031671C42",
            "versionEndExcluding": "5.0.2",
            "versionStartIncluding": "5.0.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]