CVE-2023-6452
Published 2024-08-22
CVE-2023-6452: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows…
Priority: P341, critical, 9.6 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:H / I:H / A:H
EPSS: 0.40% (31.5th percentile)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS.

The Forcepoint Web Security portal allows administrators to generate detailed reports on user requests made through the Web proxy. It has been determined that the "user agent" field in the Transaction Viewer is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability, which can be exploited by any user who can route traffic through the Forcepoint Web proxy.

This vulnerability enables unauthorized attackers to execute JavaScript within the browser context of a Forcepoint administrator, thereby allowing them to perform actions on the administrator's behalf. Such a breach could lead to unauthorized access or modifications, posing a significant security risk.

This issue affects Web Security: before 8.5.6.
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| forcepoint | web_security | < 8.5.6 | 8.5.6 |
CVSS provenance
nvd · v3.1 · 9.6 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
cisa · 9.8 CRITICAL
GHSA
GHSA-85fc-rr25-p568: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) all
ghsa_unreviewed·2024-08-22
CVE-2023-6452 [CRITICAL] CWE-79 GHSA-85fc-rr25-p568: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) all
CISA
Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
cisa·2024-07-29·CVSS 9.8
CVE-2023-45249 [CRITICAL] CWE-1393 Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
Vulnerability: Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability
Affected: Acronis Cyber Infrastructure (ACI)
Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://security-advisory.acronis.com/advisories/SEC-6452; https://nvd.nist.gov/vuln/detail/CVE-2023-45249
Remediation Due Date: 2024-08-19
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.