Stored Cross-Site Scripting Vulnerability in Proofpoint Enterprise Protection's Admin Smart Search Feature

Stored Cross-Site Scripting Vulnerability in Proofpoint Enterprise Protection's Admin Smart Search Feature

CVE-2022-46332 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below.

Learn more about our User Device Pen Test.