5 matches found
CVE-2023-5771
Proofpoint Enterprise Protection has a stored XSS vulnerability in the AdminUI triggered by HTML in the email subject. An unauthenticated attacker can exploit this by sending a crafted email, with the XSS activating when quarantined messages are viewed. Affected versions include 8.20.0 before pat...
CVE-2023-0090
Proofpoint Enterprise Protection (PPS/POD) webservices are affected by CVE-2023-0090: an anonymous user can trigger remote code execution via eval injection, requiring network access to the webservices API (non-default configuration) and impacting all versions 8.20.0 and below. Exploitation detai...
CVE-2021-31608
CVE-2021-31608 affects Proofpoint Enterprise Protection prior to 18.8.0 and enables bypass of a security control. The available documents state the impact as a bypass but do not provide root-cause details, exploit steps, or a confirmed fix/version, and the exploitation status is not specified. CV...
CVE-2023-0089
CVE-2023-0089 affects Proofpoint Enterprise Protection (PPS/POD) webutils. An authenticated user can execute remote code through an eval injection vulnerability, impacting all versions ≤ 8.20.0. The issue arises in the webutils component of PPS/POD, enabling high-severity impact (C, I, A: High) a...
CVE-2020-14009
Affected product: Proofpoint Enterprise Protection (PPS/PoD) prior to version 8.16.4. Root cause: Messages with crafted/malformed multipart structures are not properly handled, enabling bypass of scanning and file-blocking rules. Impact: An attacker could deliver an email with a malicious attachm...