Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS.
The
Forcepoint Web Security portal allows administrators to generate
detailed reports on user requests made through the Web proxy. It has
been determined that the "user agent" field in the Transaction Viewer is
vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability,
which can be exploited by any user who can route traffic through the
Forcepoint Web proxy.
This
vulnerability enables unauthorized attackers to execute JavaScript
within the browser context of a Forcepoint administrator, thereby
allowing them to perform actions on the administrator's behalf. Such a
breach could lead to unauthorized access or modifications, posing a
significant security risk.
This issue affects Web Security: before 8.5.6.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://support.forcepoint.com/s/article/000042212 |
History
Thu, 22 Aug 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Forcepoint
Forcepoint web Security |
|
CPEs | cpe:2.3:a:forcepoint:web_security:*:*:*:*:*:*:*:* | |
Vendors & Products |
Forcepoint
Forcepoint web Security |
|
Metrics |
ssvc
|
Thu, 22 Aug 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS. The Forcepoint Web Security portal allows administrators to generate detailed reports on user requests made through the Web proxy. It has been determined that the "user agent" field in the Transaction Viewer is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability, which can be exploited by any user who can route traffic through the Forcepoint Web proxy. This vulnerability enables unauthorized attackers to execute JavaScript within the browser context of a Forcepoint administrator, thereby allowing them to perform actions on the administrator's behalf. Such a breach could lead to unauthorized access or modifications, posing a significant security risk. This issue affects Web Security: before 8.5.6. | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: forcepoint
Published: 2024-08-22T15:21:32.329Z
Updated: 2024-08-22T19:50:08.561Z
Reserved: 2023-11-30T22:10:02.333Z
Link: CVE-2023-6452
Vulnrichment
Updated: 2024-08-22T19:50:02.197Z
NVD
Status : Awaiting Analysis
Published: 2024-08-22T16:15:07.997
Modified: 2024-08-23T16:18:28.547
Link: CVE-2023-6452
Redhat
No data.