HTML injection in AdminUI through email subject
CVE-2023-5771

6.1MEDIUM

Key Information:

Vendor: Proofpoint
Status: Proofpoint Enterprise Protection
Vendor: CVE Published:; 6 November 2023

What is CVE-2023-5771?

Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.

Affected Version(s)

Proofpoint Enterprise Protection 8.20.0

Proofpoint Enterprise Protection 8.18.6

References

https://www.proofpoint.com/us/security/security-advisorie...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2023
Vulnerability Reserved
Oct 25, 2023