CVE-2023-41843 in FortiSandbox
Summary
by MITRE • 10/25/2023
A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.1, FortiSandbox 4.2.1 through 4.2.5, FortiSandbox 4.0.0 through 4.0.3, FortiSandbox 3.2 all versions, FortiSandbox 3.1 all versions, FortiSandbox 3.0 all versions, FortiSandbox 2.5 all versions, FortiSandbox 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 01/14/2026
This cross-site scripting vulnerability exists within Fortinet FortiSandbox versions ranging from 2.4.1 through 4.4.1, representing a critical weakness in the web application's input validation mechanisms. The flaw occurs during web page generation when the system fails to properly sanitize user-supplied data before incorporating it into dynamic content, creating an environment where malicious actors can inject arbitrary script code. This vulnerability falls under CWE-79 which specifically addresses cross-site scripting flaws in web applications, where inadequate input filtering allows attackers to execute client-side scripts in the context of other users' browsers. The vulnerability affects multiple major versions of FortiSandbox, indicating a widespread issue that spans several release cycles and suggests the root cause remains unaddressed across the product line.
The operational impact of this vulnerability is severe as it enables attackers to execute unauthorized code or commands through carefully crafted HTTP requests that exploit the input sanitization failure. An attacker could leverage this weakness to perform session hijacking, deface web interfaces, steal sensitive data, or redirect users to malicious websites. The vulnerability's presence in both newer and older versions of the FortiSandbox platform means that organizations with legacy deployments are equally at risk, potentially exposing their security infrastructure to unauthorized access. This weakness creates a persistent threat vector that could be exploited by threat actors with minimal technical expertise, as the attack surface is accessible through standard HTTP request manipulation techniques.
The technical exploitation of this vulnerability follows typical XSS attack patterns where malicious input is embedded within HTTP requests and subsequently rendered in web pages without proper sanitization or encoding. Attackers can craft payloads that leverage the web application's failure to neutralize dangerous input characters, allowing malicious scripts to execute in the victim's browser context. This vulnerability directly aligns with ATT&CK technique T1059.007 which covers scripting through web shells, and T1566.001 which addresses spearphishing through social engineering. Organizations using FortiSandbox should implement immediate mitigations including input validation controls, output encoding, and web application firewalls to prevent exploitation. The vulnerability's persistence across multiple versions indicates that organizations must conduct comprehensive vulnerability assessments and apply patches promptly to prevent potential compromise of their security infrastructure.