Vulnerability Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Forcepoint | Cloud Security Gateway | < 2023-03-29 |
| Forcepoint | Web Security | < 2023-03-29 |
Related Weaknesses (CWE)
References
- https://support.forcepoint.com/s/article/000041617Vendor Advisory
- https://support.forcepoint.com/s/article/000041617Vendor Advisory
FAQ
What is CVE-2023-26290?
CVE-2023-26290 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud...
How severe is CVE-2023-26290?
CVE-2023-26290 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-26290?
Check the references section above for vendor advisories and patch information. Affected products include: Forcepoint Cloud Security Gateway, Forcepoint Web Security.