Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTML injection in email body through email subject
Vulnerability Description
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery.This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
输出上下文语义编码不恰当
Vulnerability Title
Proofpoint Enterprise Protection 安全漏洞
Vulnerability Description
Proofpoint Enterprise Protection是美国Proofpoint公司的一个应用程序。提供了保护电子邮件的功能。 Proofpoint Enterprise Protection 8.20.2 patch 4809之前、8.20.0 patch 4805之前、8.18.6 patch 4804之前版本存在安全漏洞,该漏洞源于在发送重写电子邮件时编码不当,允许未经身份验证的攻击者通过电子邮件主题将编码不正确的 HTML 注入邮件正文中。
CVSS Information
N/A
Vulnerability Type
N/A