CVE-2023-4803
ITM Server Cross-site Scripting in WriteWindowTitle Endpoint
Severity Score
4.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.
Un administrador autenticado podrĂa utilizar una vulnerabilidad de Cross-Site Scripting (XSS) Reflejada en el endpoint WriteWindowTitle de la consola web del servidor Insider Threat Management (ITM) para ejecutar JavaScript arbitrario dentro del navegador de otro administrador de la consola web. Todas las versiones anteriores a la 7.14.3.69 se ven afectadas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-06 CVE Reserved
- 2023-09-13 CVE Published
- 2024-09-19 EPSS Updated
- 2024-09-24 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-007 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0007 | 2023-10-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Proofpoint Search vendor "Proofpoint" | Insider Threat Management Search vendor "Proofpoint" for product "Insider Threat Management" | < 7.14.3.69 Search vendor "Proofpoint" for product "Insider Threat Management" and version " < 7.14.3.69" | - |
Affected
| ||||||