HTTP: Fortinet FortiSandbox Dashboard Widget Stored Cross-Site Scripting

This signature detects attempts to exploit a known cross-site scripting vulnerability in Fortinet FortiSandbox. The vulnerability is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.

Extended Description

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox, at least versions 4.4.0 through 4.4.4, 4.2.0 through 4.2.6, 4.0.0 through 4.0.4, 3.2.0 through 3.2.4, 3.1.0 through 3.1.5, and 3.0.0 through 3.0.7, allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP requests.

References

CVE: CVE-2024-27781

Short Name: HTTP:XSS:FORTINET-SANDBOX-XSS
Severity: Major
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: CVE-2024-27781 Cross-Site Dashboard FortiSandbox Fortinet Scripting Stored Widget
Release Date: 06/09/2025
Supported Platforms

srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3

Sigpack Version: 3815
False Positive: Unknown
