Vulnerabilities > Forcepoint > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-29 | CVE-2023-26290 | Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | 6.1 |
| 2023-03-29 | CVE-2023-26291 | Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | 6.1 |
| 2023-03-29 | CVE-2023-26292 | Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | 6.1 |
| 2021-10-04 | CVE-2021-41530 | Unspecified vulnerability in Forcepoint Next Generation Firewall Forcepoint NGFW Engine versions 6.5.11 and earlier, 6.8.6 and earlier, and 6.10.0 are vulnerable to TCP reflected amplification vulnerability, if HTTP User Response has been configured. network forcepoint | 4.3 |
| 2021-04-08 | CVE-2020-6590 | XXE vulnerability in Forcepoint products Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. | 5.0 |
| 2020-01-22 | CVE-2019-6146 | Cross-site Scripting vulnerability in Forcepoint web Security 8.0.0/8.5.3 It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. | 4.3 |
| 2019-12-23 | CVE-2019-6147 | Incorrect Type Conversion or Cast vulnerability in Forcepoint Next Generation Firewall Security Management Center Forcepoint NGFW Security Management Center (SMC) versions lower than 6.5.12 or 6.7.1 have a rare issue that in specific circumstances can corrupt the internal configuration database. | 4.3 |
| 2019-11-05 | CVE-2019-6142 | Cross-site Scripting vulnerability in Forcepoint Email Security and Security Manager It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. | 6.1 |
| 2019-10-23 | CVE-2019-6144 | Incorrect Authorization vulnerability in Forcepoint ONE Endpoint 19.04/19.08 This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. | 4.0 |
| 2019-08-20 | CVE-2019-6143 | Improper Authentication vulnerability in Forcepoint Next Generation Firewall Forcepoint Next Generation Firewall (Forcepoint NGFW) 6.4.x before 6.4.7, 6.5.x before 6.5.4, and 6.6.x before 6.6.2 has a serious authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services protected by the NGFW Engine. | 6.4 |