Forcepoint Cloud Security Gateway vulnerabilities
4 known vulnerabilities affecting forcepoint/cloud_security_gateway.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2022-1700P3CRITICALCVSS 9.8fixed in 2022-06-20vprior to June 20, 20222022-09-12
CVE-2022-1700 [CRITICAL] CWE-611 CVE-2022-1700: Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was f
nvd
CVE-2023-26290P4MEDIUMCVSS 6.1fixed in 2023-03-29fixed in 03/29/20232023-03-29
CVE-2023-26290 [MEDIUM] CWE-79 CVE-2023-26290: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affec
nvd
CVE-2023-26292P4MEDIUMCVSS 6.1fixed in 2023-03-29fixed in 03/29/20232023-03-29
CVE-2023-26292 [MEDIUM] CWE-79 CVE-2023-26292: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS.This issue affects Cloud Secur
nvd
CVE-2023-26291P4MEDIUMCVSS 6.1fixed in 2023-03-29fixed in 03/29/20232023-03-29
CVE-2023-26291 [MEDIUM] CWE-79 CVE-2023-26291: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security
nvd