CVE-2023-26290

Name of the Vulnerable Software and Affected Versions Forcepoint Cloud Security Gateway (CSG) versions prior to 03/29/2023 Forcepoint Web Security versions prior to 03/29/2023

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Reflected XSS. This affects the login reset request.mhtml modules in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud, and Forcepoint Web Security Portal on Hybrid.

Recommendations For Forcepoint Cloud Security Gateway (CSG) versions prior to 03/29/2023, update to a version released after 03/29/2023 to resolve the issue. For Forcepoint Web Security versions prior to 03/29/2023, update to a version released after 03/29/2023 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable login reset request.mhtml modules until a patch is available.