Stored XSS Vulnerability in Forcepoint Email Security Product
CVE-2024-9103

6.1 MEDIUM

Key Information:

Vendor: Forcepoint

CVE Published: 24 March 2025

What is CVE-2024-9103?

A vulnerability in Forcepoint Email Security's Blocked Messages module allows for stored cross-site scripting (XSS) attacks due to improper neutralization of script in attributes. This issue could enable attackers to execute malicious scripts within the context of a user's browser session, potentially compromising sensitive information and leading to further exploitation.

Affected Version(s)

Email Security 0 <= 8.5.5

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Anis Messaoudi and CPA Bank