HTML injection in AdminUI through email subject
CVE-2023-5771

6.1MEDIUM

Key Information:

Vendor
Proofpoint
Status
Proofpoint Enterprise Protection
Vendor
CVE Published:
6 November 2023

Summary

Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.  This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.

Affected Version(s)

Proofpoint Enterprise Protection 8.20.0

Proofpoint Enterprise Protection 8.20.0

Proofpoint Enterprise Protection 8.18.6

References

https://www.proofpoint.com/us/security/security-advisorie...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-5771 : HTML injection in AdminUI through email subject | SecurityVulnerability.io