Forcepoint Web Security vulnerabilities
6 known vulnerabilities affecting forcepoint/web_security.
Total CVEs
6
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2019-6146P3MEDIUMCVSS 6.1PoC≥ 8.0.0, < 8.5.42020-01-22
CVE-2019-6146 [MEDIUM] CWE-79 CVE-2019-6146: It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
nvd
CVE-2023-6452P3CRITICALCVSS 9.6fixed in 8.5.62024-08-22
CVE-2023-6452 [CRITICAL] CWE-79 CVE-2023-6452: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS.
The
Forcepoint Web Security portal allows administrators to generate
detailed reports on user requests made through the Web proxy. It has
been determined that the "user agent" field in
nvd
CVE-2025-2274P4MEDIUMCVSS 6.1≤ 8.5.62026-03-16
CVE-2025-2274 [MEDIUM] CWE-79 CVE-2025-2274: Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem) on
Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem) on Windows allows Stored XSS.This issue affects Web Security through 8.5.6.
nvd
CVE-2023-26290P4MEDIUMCVSS 6.1fixed in 2023-03-29fixed in 03/29/20232023-03-29
CVE-2023-26290 [MEDIUM] CWE-79 CVE-2023-26290: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affec
nvd
CVE-2023-26292P4MEDIUMCVSS 6.1fixed in 2023-03-29fixed in 03/29/20232023-03-29
CVE-2023-26292 [MEDIUM] CWE-79 CVE-2023-26292: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS.This issue affects Cloud Secur
nvd
CVE-2023-26291P4MEDIUMCVSS 6.1fixed in 2023-03-29fixed in 03/29/20232023-03-29
CVE-2023-26291 [MEDIUM] CWE-79 CVE-2023-26291: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security
nvd