Vulnerabilities > Proofpoint > Enterprise Protection > 8.18.6

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2023-5770 Inappropriate Encoding for Output Context vulnerability in Proofpoint Enterprise Protection 8.18.6/8.20.0/8.20.2
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject.
network
low complexity
proofpoint CWE-838
5.4
2023-11-06 CVE-2023-5771 Cross-site Scripting vulnerability in Proofpoint Enterprise Protection
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI.
network
low complexity
proofpoint CWE-79
6.1
2023-03-08 CVE-2023-0089 Code Injection vulnerability in Proofpoint Enterprise Protection
The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below.
network
low complexity
proofpoint CWE-94
8.8
2023-03-08 CVE-2023-0090 Code Injection vulnerability in Proofpoint Enterprise Protection
The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an anonymous user to execute remote code through 'eval injection'.
network
low complexity
proofpoint CWE-94
critical
9.8
2022-12-21 CVE-2022-46334 Improper Privilege Management vulnerability in Proofpoint Enterprise Protection
Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions.
local
low complexity
proofpoint CWE-269
7.8
2022-12-06 CVE-2022-46332 Cross-site Scripting vulnerability in Proofpoint Enterprise Protection
The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface.
network
low complexity
proofpoint CWE-79
critical
9.6
2022-12-06 CVE-2022-46333 Code Injection vulnerability in Proofpoint Enterprise Protection
The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope.
network
low complexity
proofpoint CWE-94
7.2