CVE-2023-4802

A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.
Configurations

Configuration 1 (hide)

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*

History

15 Sep 2023, 16:41

Type Values Removed Values Added
First Time Proofpoint insider Threat Management
Proofpoint
References
  • (MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0007 - Vendor Advisory
References (MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 - (MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 - Broken Link
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8
CPE cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*

13 Sep 2023, 16:34

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-13 16:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-4802

Mitre link : CVE-2023-4802

CVE.ORG link : CVE-2023-4802


JSON object : View

Products Affected

proofpoint

  • insider_threat_management
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')