PT-2024-19004 · Forcepoint · Forcepoint Email Security

Published

2024-09-04

Updated

2024-09-12

CVE-2024-2166

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Forcepoint Email Security versions prior to 8.5.5 HF003

Description The issue is related to improper neutralization of input during web page generation, which allows Reflected XSS. This is due to improper input handling in the Real Time Monitor modules of Forcepoint Email Security.

Recommendations For versions prior to 8.5.5 HF003, update to version 8.5.5 HF003 or later to resolve the issue. As a temporary workaround, consider restricting access to the Real Time Monitor modules until a patch is applied. Avoid using potentially vulnerable input parameters in the affected modules to minimize the risk of exploitation.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2024-2166

Affected Products

Forcepoint Email Security

PT-2024-19004 · Forcepoint · Forcepoint Email Security

CVE-2024-2166

Weakness Enumeration

Related Identifiers

Affected Products

References · 8