Input passed via the “back_url” parameter in the file scan component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
Cross Site Scripting
Fortinet FortiSandbox 2.x
Upgrade to version 3.0.0 or later.