Cross-site Scripting Vulnerability in Forcepoint Cloud Security Gateway and Web Security
CVE-2023-26292

6.1MEDIUM

Key Information:

Vendor: Forcepoint
Status: Cloud Security Gateway (csg); Web Security
Vendor: CVE Published:; 29 March 2023

What is CVE-2023-26292?

The vulnerability arises from improper neutralization of user input during the generation of web pages in the Forcepoint Cloud Security Gateway and Web Security products. Specifically, it enables reflected Cross-site Scripting (XSS) attacks, which could allow an attacker to execute malicious scripts in the context of the user's browser session. This issue impacts versions released before March 29, 2023, affecting both the Cloud Security Gateway and Web Security portals, which could lead to data theft and unauthorized actions if successfully exploited.

Affected Version(s)

Cloud Security Gateway (CSG) Web Cloud Security Gateway 0 < 03/29/2023

Web Security Hybrid 0 < 03/29/2023

References

https://support.forcepoint.com/s/article/000041617

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 29, 2023
Vulnerability Reserved
Feb 21, 2023

Credit

Pratik Kumar Singh (@4rch_54m431)