CVE-2019-6146

CVE-2019-6146 affects Forcepoint Web Security (version 8.x). The issue is a cross-site scripting (XSS) vulnerability resulting from host header injection in the web application, enabling potential execution of client-side script when a crafted request is processed. The vulnerability is documented...

CVE-2023-2080

CVE-2023-2080 covers an SQL injection issue in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway and Email Security Cloud. The root cause cited is improper neutralization of special elements used in an SQL command, leading to Blind SQL Injection. Documents indicate affe...

CVE-2023-26290

The CVE describes a Reflected Cross-Site Scripting (XSS) in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway and related Web/Web Security Portal components (login_reset_request.mhtml modules) that could allow an attacker to execute script in a victim’s browser. Root ca...

CVE-2023-26291

CVE-2023-26291 affects Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud, and Forcepoint Web Security Portal on Hybrid. The issue is an improper neutralization of input during web page generation, enabling reflected Cross-Site Scripting via the log...

CVE-2023-26292

CVE-2023-26292 affects Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud, and Forcepoint Web Security Portal on Hybrid. The issue is an Improper Neutralization of Input During Web Page Generation, i.e., a Reflected Cross-site Scripting (XSS) vulner...

CVE-2025-2274

The CVE-2025-2274 entry describes a Stored Cross-Site Scripting (XSS) issue in Forcepoint Web Security (On-Prem) for Windows, caused by improper input neutralization during web page generation. Affects Forcepoint Web Security through version 8.5.6; no explicit exploit details are provided. CVSSv4...