CVE-2023-5770 MEDIUM

CVE-2023-5770: HTML injection in email body through email subject

Vendor: Proofpoint
Product: Proofpoint Enterprise Protection
Weakness: CWE-838
Published: January 9, 2024
Last update: June 3, 2025

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery. This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions.

Key dates

02 Disclosure timeline

January 9, 2024: CVE published
June 3, 2025: Record updated