ITM Server Cross-site Scripting in WriteWindowTitle Endpoint
CVE-2023-4803

4.8MEDIUM

Key Information:

Vendor: Proofpoint
Status: Itm Server
Vendor: CVE Published:; 13 September 2023

Summary

A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.

Affected Version(s)

ITM Server 0 <= 7.14.3

References

https://www.proofpoint.com/us/security/security-advisorie...

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 13, 2023
Vulnerability Reserved
Sep 6, 2023