It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
[
{
"product": "Forcepoint Web Security",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "8.5, 8.4"
}
]
}
]