A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.Referenceshttps://fortiguard.com/advisory/FG-IR-18-024http://www.securityfocus.com/bid/107838
