CVE-2023-4803

A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.
Configurations

Configuration 1 (hide)

cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:35

Type Values Removed Values Added
References () https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 - Broken Link () https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 - Broken Link

15 Sep 2023, 19:06

Type Values Removed Values Added
References
  • (MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0007 - Vendor Advisory
References (MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 - (MISC) https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 - Broken Link
CPE cpe:2.3:a:proofpoint:insider_threat_management:*:*:*:*:*:*:*:*
CWE CWE-79
First Time Proofpoint insider Threat Management
Proofpoint
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.8

13 Sep 2023, 16:34

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-13 16:15

Updated : 2024-11-21 08:35


NVD link : CVE-2023-4803

Mitre link : CVE-2023-4803

CVE.ORG link : CVE-2023-4803


JSON object : View

Products Affected

proofpoint

  • insider_threat_management
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')