nvd-json-data-feeds/CVE-2023/CVE-2023-28xx/CVE-2023-2819.json

{
  "id": "CVE-2023-2819",
  "sourceIdentifier": "security@proofpoint.com",
  "published": "2023-06-14T22:15:09.203",
  "lastModified": "2023-11-07T04:13:23.167",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type. \u202fThis could result in arbitrary javascript code execution in an admin context.\u202fAll versions prior to 5.10.0 are affected.\u202f\u00a0"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.7
      },
      {
        "source": "security@proofpoint.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    },
    {
      "source": "security@proofpoint.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:proofpoint:threat_response_auto_pull:*:*:*:*:*:*:*:*",
              "versionEndExcluding": "5.10.0",
              "matchCriteriaId": "3821A290-3BCD-4C03-90CB-D001AC1590F7"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.proofpoint.com/us/security/security-advisories/pfpt-sa-2023-0002",
      "source": "security@proofpoint.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}