PT-2023-32313 · Proofpoint · Proofpoint Enterprise Protection

Published: 2023-11-06 · Updated: 2023-11-14 · CVE-2023-5771

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Proofpoint Enterprise Protection versions 8.20.0 through 8.20.0 before patch 4796
Proofpoint Enterprise Protection versions 8.18.6 through 8.18.6 before patch 4795
Proofpoint Enterprise Protection versions prior to 8.18.6

Description

The issue is a stored XSS vulnerability in the AdminUI of Proofpoint Enterprise Protection. An unauthenticated attacker can exploit it by sending a specially crafted email with HTML in the subject; the XSS triggers when quarantined messages are viewed.

Recommendations

For versions 8.20.0 before patch 4796, apply patch 4796 to resolve the issue.
For versions 8.18.6 before patch 4795, apply patch 4795 to resolve the issue.
For versions prior to 8.18.6, update to a version that includes the necessary patches, such as 8.18.6 with patch 4795 or later, or 8.20.0 with patch 4796 or later.

As a temporary workaround, consider restricting access to the AdminUI or disabling the viewing of quarantined messages until a patch is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-5771

Affected Products

Proofpoint Enterprise Protection