4 matches found
CVE-2022-1700
CVE-2022-1700 is an XXE vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP). The XML parser was configured to allow external entities/DTDs, affecting DLP versions before 8.8.2 and related products: Forcepoint One Endpoint (Policy Engine before 8.8.2), Forcepoint Web Securi...
CVE-2023-26290
The CVE describes a Reflected Cross-Site Scripting (XSS) in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway and related Web/Web Security Portal components (login_reset_request.mhtml modules) that could allow an attacker to execute script in a victim’s browser. Root ca...
CVE-2023-26292
CVE-2023-26292 affects Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud, and Forcepoint Web Security Portal on Hybrid. The issue is an Improper Neutralization of Input During Web Page Generation, i.e., a Reflected Cross-site Scripting (XSS) vulner...
CVE-2023-26291
CVE-2023-26291 affects Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud, and Forcepoint Web Security Portal on Hybrid. The issue is an improper neutralization of input during web page generation, enabling reflected Cross-Site Scripting via the log...