{"api_version":"1","generated_at":"2026-04-23T08:03:46+00:00","cve":"CVE-2019-6142","urls":{"html":"https://cve.report/CVE-2019-6142","api":"https://cve.report/api/cve/CVE-2019-6142.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-6142","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-6142"},"summary":{"title":"CVE-2019-6142","description":"It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.","state":"PUBLIC","assigner":"psirt@forcepoint.com","published_at":"2019-11-05 21:15:00","updated_at":"2022-10-27 21:11:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://support.forcepoint.com/KBArticle?id=000017691","name":"https://support.forcepoint.com/KBArticle?id=000017691","refsource":"CONFIRM","tags":["Patch","Vendor Advisory"],"title":"KB Article | Forcepoint Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://help.forcepoint.com/security/CVE/CVE-2019-6142.html","name":"https://help.forcepoint.com/security/CVE/CVE-2019-6142.html","refsource":"CONFIRM","tags":[],"title":"Security Advisory: XSS Vulnerability in Forcepoint Email Security (CVE-2019-6142)","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-6142","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6142","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"6142","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"forcepoint","cpe5":"email_security","cpe6":"8.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6142","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"forcepoint","cpe5":"email_security","cpe6":"8.5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6142","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"forcepoint","cpe5":"email_security","cpe6":"8.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6142","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"forcepoint","cpe5":"email_security","cpe6":"8.5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6142","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"forcepoint","cpe5":"security_manager","cpe6":"8.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6142","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"forcepoint","cpe5":"security_manager","cpe6":"8.5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6142","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"forcepoint","cpe5":"security_manager","cpe6":"8.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6142","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"forcepoint","cpe5":"security_manager","cpe6":"8.5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-6142","ASSIGNER":"psirt@forcepoint.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Forcepoint","product":{"product_data":[{"product_name":"Forcepoint Email Security","version":{"version_data":[{"version_value":"8.5"},{"version_value":"8.5.3"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://help.forcepoint.com/security/CVE/CVE-2019-6142.html","url":"https://help.forcepoint.com/security/CVE/CVE-2019-6142.html"}]},"description":{"description_data":[{"lang":"eng","value":"It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue."}]}},"nvd":{"publishedDate":"2019-11-05 21:15:00","lastModifiedDate":"2022-10-27 21:11:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:forcepoint:email_security:8.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:forcepoint:security_manager:8.5:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:forcepoint:security_manager:8.5.3:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:forcepoint:email_security:8.5.3:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"6142","Ordinal":"143813","Title":"CVE-2019-6142","CVE":"CVE-2019-6142","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"6142","Ordinal":"1","NoteData":"It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"6142","Ordinal":"2","NoteData":"2019-11-05","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"6142","Ordinal":"3","NoteData":"2019-11-05","Type":"Other","Title":"Modified"}]}}}