CVE-2023-6452

Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS.<br /> <br /> <br /> <br /> <br /> <br /> The<br /> Forcepoint Web Security portal allows administrators to generate <br /> detailed reports on user requests made through the Web proxy. It has <br /> been determined that the "user agent" field in the Transaction Viewer is<br /> vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability, <br /> which can be exploited by any user who can route traffic through the <br /> Forcepoint Web proxy.<br /> <br /> This <br /> vulnerability enables unauthorized attackers to execute JavaScript <br /> within the browser context of a Forcepoint administrator, thereby <br /> allowing them to perform actions on the administrator&amp;#39;s behalf. Such a <br /> breach could lead to unauthorized access or modifications, posing a <br /> significant security risk.<br /> <br /> <br /> <br /> <br /> <br /> <br /> This issue affects Web Security: before 8.5.6.