CVE-2023-5770

MEDIUM Year: 2023
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-838
View all →

Vulnerability Description

Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.

Related Vulnerabilities

CVE-2023-6512

MEDIUM
CVSS:6.5(Medium)

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML p...

CWE-8382023

CVE-2020-7292

MEDIUM
CVSS:4.3(Medium)

Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to ...

CWE-8382020

CVE-2024-34006

MEDIUM
CVSS:4.3(Medium)

The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered.

CWE-8382024

CVE-2020-29135

MEDIUM
CVSS:4.1(Medium)

cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).

CWE-8382020

CVE-2019-6110

MEDIUM
CVSS:6.8(Medium)

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI co...

CWE-8382019

CVE-2019-18981

CRITICAL
CVSS:9.8(Critical)

Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.

CWE-8382019