Forcepoint Web Security — known CVE vulnerabilities
Every CVE whose affected-product data names Forcepoint Web Security, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2023-2080 — CVSS 8.5 (high): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway…
CVE-2019-6146 — CVSS 6.1 (medium): It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection…
CVE-2023-26290 — CVSS 6.1 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway…
CVE-2023-26291 — CVSS 6.1 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway…
CVE-2023-26292 — CVSS 6.1 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway…
CVE-2025-2274 — CVSS 6.1 (medium): Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem) on Windows allows Stored XSS.This issue…