What is CVE-2023-45587 — XSS in Fortinet FortiSandbox?

CVE-2023-45587 is a cross-site scripting (XSS) vulnerability in Fortinet FortiSandbox versions 3.1.0–4.4.2, allowing attackers to execute malicious scripts.

Am I affected by CVE-2023-45587 in Fortinet FortiSandbox?

If you are running Fortinet FortiSandbox versions 3.1.0 through 4.4.2, you are potentially affected by this vulnerability.

How do I fix CVE-2023-45587 in Fortinet FortiSandbox?

Upgrade to a patched version of Fortinet FortiSandbox as soon as possible. Refer to the Fortinet advisory for specific version details.

Is CVE-2023-45587 being actively exploited?

While no active exploitation campaigns have been publicly confirmed, the vulnerability remains a potential threat due to the ease of XSS exploitation.

Where can I find the official Fortinet advisory for CVE-2023-45587?

Refer to the official Fortinet security advisory for detailed information and patching instructions: [https://fortinet.com/security/advisory/fo45587](https://fortinet.com/security/advisory/fo45587)

CVE-2023-45587 — Vulnerability Details

NEXTGUARD

免费扫描

CVE-2023-45587 — Vulnerability Details | NextGuard

检测步骤翻译中…

• fortinet / web:

curl -I <fortisandbox_url> | grep -i 'X-XSS-Protection'

• fortinet / web:

curl -I <fortisandbox_url> | grep -i 'Content-Security-Policy'

• fortinet / web: Check FortiSandbox logs for unusual HTTP requests containing script tags or event handlers. • fortinet / web: Examine FortiSandbox configuration for overly permissive access controls or insecure settings.

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.2, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all

影响与攻击场景翻译中…

利用背景翻译中…

哪些人处于风险中翻译中…

检测步骤翻译中…

攻击时间线

威胁情报

受影响的软件

弱点分类 (CWE)

时间线

缓解措施和替代方案翻译中…

修复方法翻译中…

CVE 安全通讯

常见问题翻译中…

What is CVE-2023-45587 — XSS in Fortinet FortiSandbox?

Am I affected by CVE-2023-45587 in Fortinet FortiSandbox?

How do I fix CVE-2023-45587 in Fortinet FortiSandbox?

Is CVE-2023-45587 being actively exploited?

Where can I find the official Fortinet advisory for CVE-2023-45587?

你的项目受影响吗?