VDB
CVE-2025-61886
CVE-2025-61886
PUBLISHED
CVSS 4.900000095367432 MEDIUM
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests.
EPSS 0.03% · 7.7th percentile
Risk Scores
CVSS 3.1
4.900000095367432
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C
EPSS Score
0.03%
7.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fortinet | FortiSandbox | 5.0.0 |
| Fortinet | FortiSandbox PaaS | 5.0.0 |
Timeline
- Apr 14, 2026 CVE Published
- Apr 14, 2026 CVE Updated
- Apr 23, 2026 Security Advisory
- May 18, 2026 EPSS Score
- May 19, 2026 EPSS Score
- May 20, 2026 EPSS Score
- May 21, 2026 EPSS Score
- May 22, 2026 EPSS Score
- May 23, 2026 EPSS Score
- May 24, 2026 EPSS Score
- May 25, 2026 EPSS Score
- May 26, 2026 EPSS Score