Vulnerabilities > Forcepoint > WEB Security > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-29 CVE-2023-26290 Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.
network
low complexity
forcepoint CWE-79
6.1
2023-03-29 CVE-2023-26291 Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.
network
low complexity
forcepoint CWE-79
6.1
2023-03-29 CVE-2023-26292 Cross-site Scripting vulnerability in Forcepoint Cloud Security Gateway and web Security
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.
network
low complexity
forcepoint CWE-79
6.1
2020-01-22 CVE-2019-6146 Cross-site Scripting vulnerability in Forcepoint web Security 8.0.0/8.5.3
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection.
network
low complexity
forcepoint CWE-79
6.1