cbcvebase.
CVE-2023-26292
published 2023-03-29

CVE-2023-26292: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web…

PriorityP424medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.35%
27.2th percentile
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.

Affected

4 ranges
VendorProductVersion rangeFixed in
forcepointcloud_security_gateway< 03/29/202303/29/2023
forcepointcloud_security_gateway< 2023-03-292023-03-29
forcepointweb_security< 03/29/202303/29/2023
forcepointweb_security< 2023-03-292023-03-29
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.