Vulnerabilities > Forcepoint > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-2166 | Cross-site Scripting vulnerability in Forcepoint Email Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Email Security (Real Time Monitor modules) allows Reflected XSS.This issue affects Email Security: before 8.5.5 HF003. | 6.1 |
| 2023-03-29 | CVE-2023-26290 | Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | 6.1 |
| 2023-03-29 | CVE-2023-26291 | Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | 6.1 |
| 2023-03-29 | CVE-2023-26292 | Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | 6.1 |
| 2022-04-04 | CVE-2022-27608 | Incorrect Authorization vulnerability in Forcepoint ONE Endpoint Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. | 6.0 |
| 2022-04-04 | CVE-2022-27609 | Incorrect Authorization vulnerability in Forcepoint ONE Endpoint Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. | 6.0 |
| 2020-01-22 | CVE-2019-6146 | Cross-site Scripting vulnerability in Forcepoint web Security 8.0.0/8.5.3 It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. | 6.1 |
| 2019-12-23 | CVE-2019-6147 | Incorrect Type Conversion or Cast vulnerability in Forcepoint Next Generation Firewall Security Management Center Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. | 5.9 |
| 2019-11-05 | CVE-2019-6142 | Cross-site Scripting vulnerability in Forcepoint Email Security and Security Manager It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. | 6.1 |
| 2019-10-23 | CVE-2019-6144 | Incorrect Authorization vulnerability in Forcepoint ONE Endpoint 19.04/19.08 This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. | 6.5 |