exploitDog

CVE-2023-26290

Опубликовано: 29 мар. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.

Ссылки

https://support.forcepoint.com/s/article/000041617
Vendor Advisory
https://support.forcepoint.com/s/article/000041617
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:forcepoint:cloud_security_gateway:*:*:*:*:*:*:*:*

Версия до 2023-03-29 (исключая)

cpe:2.3:a:forcepoint:web_security:*:*:*:*:*:*:*:*

Версия до 2023-03-29 (исключая)

EPSS

Процентиль: 62%

0.00435

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-xx7j-rqjq-33gm

CVSS3: 6.1

github

больше 2 лет назад

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.

EPSS

Процентиль: 62%

0.00435

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79