CVE-2024-9103

Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows Stored XSS. This issue affects Email Security through 8.5.5.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://support.forcepoint.com/s/article/Security-Advisory-Email-Security-Gateway-Persistent-XSS-in-Blocked-Messages

Configurations

No configuration.

History

27 Mar 2025, 16:44

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de neutralización incorrecta de scripts en atributos de una página web en Forcepoint Email Security (módulo de mensajes bloqueados) permite XSS almacenado. Este problema afecta a Email Security hasta la versión 8.5.5.

24 Mar 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-24 16:15

Updated : 2025-03-27 16:44

NVD link : CVE-2024-9103

Mitre link : CVE-2024-9103

CVE.ORG link : CVE-2024-9103

JSON object : View

Products Affected

No product.

CWE

CWE-83

Improper Neutralization of Script in Attributes in a Web Page

6.1 /10