Hazem Osama

**Name of the Vulnerable Software and Affected Versions** Forcepoint Next Generation Firewall Security Management Center versions prior to 6.10.13 Forcepoint Next Generation Firewall Security Management Center versions 6.11.0 through 7.1.2 **Description** The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS) attacks. This can enable a remote attacker to conduct cross-site scripting attacks. The SMC Downloads feature in the Forcepoint NGFW Security Management Center is affected. **Recommendations** For versions prior to 6.10.13, update to version 6.10.13 or later. For versions 6.11.0 through 7.1.2, update to version 7.1.2 or later. As a temporary workaround, consider disabling the SMC Downloads feature until a patch is available. Restrict access to the Management Client downloads and ECA configuration downloads to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to the lack of protection of the web page structure in Zabbix, allowing a remote attacker to impact data integrity. An authenticated user can create a hosts group from the configuration with an XSS payload, which will be available for other users. When the XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire, and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.