CVE-2023-4802

A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.
Configurations

Configuration 1 (hide)

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:35

Type Values Removed Values Added
References () https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 - Broken Link () https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 - Broken Link

15 Sep 2023, 16:41

Type Values Removed Values Added
First Time Proofpoint insider Threat Management
Proofpoint
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8
CPE cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*
References
  • (MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0007 - Vendor Advisory
References (MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 - (MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 - Broken Link

13 Sep 2023, 16:34

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-13 16:15

Updated : 2024-11-21 08:35


NVD link : CVE-2023-4802

Mitre link : CVE-2023-4802

CVE.ORG link : CVE-2023-4802


JSON object : View

Products Affected

proofpoint

  • insider_threat_management
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')