366 matches found
CVE-2023-5770
The CVE-2023-5770 issue affects Proofpoint Enterprise Protection’s email delivery agent. The vulnerability arises from inappropriate encoding when rewriting emails before delivery, allowing an unauthenticated attacker to inject improperly encoded HTML into the email body via the subject. Affected...
CVE-2023-5770 HTML injection in email body through email subject
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the emai...
Proofpoint Enterprise Protection Security Vulnerabilities
Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides the ability to protect email. A security vulnerability exists in Proofpoint Enterprise Protection versions prior to 8.20.2 patch 4809, prior to 8.20.0 patch 4805, and prior to 8.18.6 patch 4804, which stems from...
CVE-2023-5771
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 befor...
CVE-2023-5771
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 befor...
Cross site scripting
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 befor...
CVE-2023-5771 HTML injection in AdminUI through email subject
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 befor...
CVE-2023-5771 HTML injection in AdminUI through email subject
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 befor...
CVE-2023-5771
Proofpoint Enterprise Protection has a stored XSS vulnerability in the AdminUI triggered by HTML in the email subject. An unauthenticated attacker can exploit this by sending a crafted email, with the XSS activating when quarantined messages are viewed. Affected versions include 8.20.0 before pat...
Proofpoint Enterprise Protection Cross-Site Scripting Vulnerability
Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect email. A security vulnerability exists in Proofpoint Enterprise Protection that stems from a stored cross-site scripting XSS vulnerability in AdminUI...
PT-2023-32313 · Proofpoint · Proofpoint Enterprise Protection
Name of the Vulnerable Software and Affected Versions: Proofpoint Enterprise Protection versions 8.20.0 through 8.20.0 before patch 4796 Proofpoint Enterprise Protection versions 8.18.6 through 8.18.6 before patch 4795 Proofpoint Enterprise Protection versions prior to 8.18.6 Description: The iss...
Proofpoint Insider Threat Management Code Issue Vulnerability
Proofpoint Insider Threat Management Proofpoint ITM is an insider threat management system from Proofpoint USA. A code issue vulnerability exists in Proofpoint Insider Threat Management versions prior to 7.14.3.69, which stems from improper checking of anomalies and allows an attacker to change t...
Proofpoint Insider Threat Management Cross-Site Scripting Vulnerability
Proofpoint Insider Threat Management Proofpoint ITM is an insider threat management system from Proofpoint Inc. in the United States. A cross-site scripting vulnerability exists in Insider Threat Management versions prior to 7.14.3.69, which stems from the presence of a Reflected Cross-Site...
Cybercriminals Renting WikiLoader to Target Italian Organizations with Banking Trojan
Organizations in Italy are the target of a new phishing campaign that leverages a new strain of malware called WikiLoader with an ultimate aim to install a banking trojan, stealer, and spyware referred to as Ursnif aka Gozi. "It is a sophisticated downloader with the objective of installing a...
Proofpoint Insider Threat Management Server 安全漏洞
Proofpoint Insider Threat Management Server is a server-side application from U.S.-based Proofpoint, Inc. that is used to prevent malicious operations by enterprise insiders. A security vulnerability exists in Proofpoint Insider Threat Management Server versions prior to 7.14.3, which stems from...
CVE-2023-2819
A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull PTR/TRAP could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary javascript code...
CVE-2023-2820
An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull PTR/TRAP could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic...
CVE-2023-2820
An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull PTR/TRAP could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic...
CVE-2023-2819
A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull PTR/TRAP could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. This could result in arbitrary javascript code...
Information disclosure
An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull PTR/TRAP could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic...