Cross site scripting

2023-09-1316:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

reflected vulnerability

updateinstalledsoftware endpoint

insider threat management

authenticated administrator

arbitrary javascript

browser

version 7.14.3.69

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server’s web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator’s browser. All versions prior to 7.14.3.69 are affected.

CPENameOperatorVersion
insider_threat_managementlt7.14.3.69

CPE	Name	Operator	Version
	insider_threat_management	lt	7.14.3.69

References

www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0007

www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007