CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6452
https://notcve.org/view.php?id=CVE-2023-6452
22 Aug 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS. The Forcepoint Web Security portal allows administrators to generate detailed reports on user requests made through the Web proxy. It has been determined that the "user agent" field in the Transaction Viewer is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability, which can be exploited by any user who can route traffic through t... • https://support.forcepoint.com/s/article/000042212 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26292
https://notcve.org/view.php?id=CVE-2023-26292
29 Mar 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. • https://support.forcepoint.com/s/article/000041617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26291
https://notcve.org/view.php?id=CVE-2023-26291
29 Mar 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. • https://support.forcepoint.com/s/article/000041617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-26290
https://notcve.org/view.php?id=CVE-2023-26290
29 Mar 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. • https://support.forcepoint.com/s/article/000041617 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2019-6146 – Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-6146
22 Jan 2020 — It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) Se ha reportado que un ataque de tipo cross-site scripting (XSS) es posible en Forcepoint Web Security, versiones 8.x, por medio de una inyección de encabezado de host. CVSSv3.0: 5.3 (Medio) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). Forcepoint WebSecurity version 8.5 suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/156274 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 2%CPEs: 168EXPL: 0CVE-2007-3699 – Symantec AntiVirus Engine RAR File Parsing DoS Vulnerability
https://notcve.org/view.php?id=CVE-2007-3699
12 Jul 2007 — The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header. El componente Decomposer en múltiples productos Symantec permite a atacantes remotos provocar denegación de servicio (bucles infinitos) a través de ciertos valores en el campo PACK_SIZE de una cabecera de archivo RAR. This vulnerability allows attackers to create a denial of service condition on software with vuln... • http://osvdb.org/36119 •
CVSS: 9.8EPSS: 10%CPEs: 168EXPL: 0CVE-2007-0447 – Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2007-0447
12 Jul 2007 — Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives. Desbordamiento de búfer basado en pila en el componente Decomposer en múltiples producto Symantec que permiten a atacantes remotos ejecutar código de su elección a través de archivos .CAB manipulados. This vulnerability allows remote attackers to execute arbitrary code on systems with affected installations of Symantec's AntiVirus Engine. U... • http://osvdb.org/36118 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 1%CPEs: 8EXPL: 0CVE-2007-0563
https://notcve.org/view.php?id=CVE-2007-0563
30 Jan 2007 — Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Symantec Web Security (SWS) anterior a 3.0.1.85 permite atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante vectores no especificados re... • http://osvdb.org/32960 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2007-0564
https://notcve.org/view.php?id=CVE-2007-0564
30 Jan 2007 — The license registering interface in Symantec Web Security (SWS) before 3.0.1.85 allows attackers to cause a denial of service (CPU consumption) by submitting a large file. La interfaz de registro de licencia en Symantec Web Security (SWS) versiones anteriores a 3.0.1.85 permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU) enviando un fichero grande. • http://secunia.com/advisories/23896 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2005-1346
https://notcve.org/view.php?id=CVE-2005-1346
28 Apr 2005 — Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file. • http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html •