Lucene search

[email protected]NVD:CVE-2023-26291

HistoryMar 29, 2023 - 5:15 p.m.

CVE-2023-26291

2023-03-2917:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-26291

cross-site scripting

forcepoint cloud security gateway

web security portal

reflected xss

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.2%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.

Affected configurations

Nvd

Node

forcepointcloud_security_gatewayRange<2023-03-29

forcepointweb_securityRange<2023-03-29

VendorProductVersionCPE
forcepointcloud_security_gateway*cpe:2.3:a:forcepoint:cloud_security_gateway:*:*:*:*:*:*:*:*
forcepointweb_security*cpe:2.3:a:forcepoint:web_security:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
forcepoint	cloud_security_gateway	*	cpe:2.3:a:forcepoint:cloud_security_gateway::::::::
forcepoint	web_security	*	cpe:2.3:a:forcepoint:web_security::::::::

References

support.forcepoint.com/s/article/000041617

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

31.2%

JSON

Related for NVD:CVE-2023-26291

prion1 cve1 cvelist1