CVE-2023-41843 – This cross-site scripting (XSS) vulnerability i... (How to Fix)

Q: What is the severity of CVE-2023-41843?

CVE-2023-41843 has a CVSS score of 7.5 (HIGH). This cross-site scripting (XSS) vulnerability in Fortinet FortiSandbox allows attackers to inject malicious scripts via crafted HTTP requests, which could lead to unauthorized code execution. Affected users include organizations running vulnerable FortiSandbox versions from 2.4.1 through 4.4.1.

📋 TL;DR

This cross-site scripting (XSS) vulnerability in Fortinet FortiSandbox allows attackers to inject malicious scripts via crafted HTTP requests, which could lead to unauthorized code execution. Affected users include organizations running vulnerable FortiSandbox versions from 2.4.1 through 4.4.1.

💻 Affected Systems

Products:

Fortinet FortiSandbox

Versions: 2.4.1, 2.5 all, 3.0 all, 3.1 all, 3.2 all, 4.0.0-4.0.3, 4.2.1-4.2.5, 4.4.0-4.4.1

Operating Systems: FortiOS-based appliance

Default Config Vulnerable: ⚠️ Yes

Notes: All configurations of affected versions are vulnerable if exposed to network access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains administrative access to FortiSandbox, compromises the entire sandbox environment, and pivots to internal networks.

🟠

Likely Case

Attacker steals session cookies or credentials, performs actions as authenticated users, and potentially executes malicious commands.

🟢

If Mitigated

Script execution is contained within the sandbox environment with minimal impact due to network segmentation and proper access controls.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

XSS vulnerabilities typically have low exploitation complexity, but specific exploit details are not publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: FortiSandbox 4.4.2 and later, 4.2.6 and later, 4.0.4 and later

Vendor Advisory: https://fortiguard.com/psirt/FG-IR-23-273

Restart Required: Yes

Instructions:

1. Download the latest firmware from Fortinet support portal. 2. Backup configuration. 3. Apply firmware update via web interface or CLI. 4. Reboot the appliance.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict access to FortiSandbox management interface to trusted IP addresses only.

Web Application Firewall

all

Deploy WAF with XSS protection rules in front of FortiSandbox.

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Enable Content Security Policy headers if supported

🔍 How to Verify

Check if Vulnerable:

Check FortiSandbox firmware version via web interface (System > Dashboard) or CLI command 'get system status'.

Check Version:

get system status | grep Version

Verify Fix Applied:

Verify firmware version is 4.4.2+, 4.2.6+, or 4.0.4+ after patching.

📡 Detection & Monitoring

Log Indicators:

Unusual HTTP requests with script tags or encoded payloads in FortiSandbox logs

Network Indicators:

HTTP requests containing suspicious script injection patterns to FortiSandbox management interface

SIEM Query:

source="fortisandbox" AND (http_uri="*<script*" OR http_uri="*javascript:*")

📊 Metadata

CVE ID: CVE-2023-41843

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-79

Published: October 13, 2023

Last Updated: January 14, 2026

🔗 References

https://fortiguard.com/psirt/FG-IR-23-273 Patch,Third Party Advisory
https://fortiguard.com/psirt/FG-IR-23-273 Patch,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-41843, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Fortisandbox by Fortinet

Fortisandbox by Fortinet

Fortisandbox by Fortinet

Fortisandbox by Fortinet

Fortisandbox by Fortinet

Fortisandbox by Fortinet

Fortisandbox by Fortinet

Fortisandbox by Fortinet

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Web Application Firewall

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities