CVE-2018-1356 (fortisandbox)

A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan component.
Source: NIST
CVE-2018-1356 (fortisandbox)