{"vulnerability": "CVE-2023-6452", "sightings": [{"uuid": "85ef1502-c5fa-4ae6-b2d6-634453285733", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-6452", "type": "seen", "source": "https://t.me/cvedetector/3938", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-6452 - Forcepoint Web Security Cross-site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2023-6452 \nPublished : Aug. 22, 2024, 4:15 p.m. | 39\u00a0minutes ago \nDescription : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Web Security (Transaction Viewer) allows Stored XSS.  \n  \n  \n  \n  \n  \nThe  \n Forcepoint Web Security portal allows administrators to generate   \ndetailed reports on user requests made through the Web proxy. It has   \nbeen determined that the \"user agent\" field in the Transaction Viewer is  \n vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability,   \nwhich can be exploited by any user who can route traffic through the   \nForcepoint Web proxy.  \n  \nThis   \nvulnerability enables unauthorized attackers to execute JavaScript   \nwithin the browser context of a Forcepoint administrator, thereby   \nallowing them to perform actions on the administrator's behalf. Such a   \nbreach could lead to unauthorized access or modifications, posing a   \nsignificant security risk.  \n  \n  \n  \n  \n  \n  \nThis issue affects Web Security: before 8.5.6. \nSeverity: 9.6 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"22 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-22T19:23:21.000000Z"}]}