Back

CVE-2024-4176

June 13, 2024, 6:35 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

EDR XConsole

  • before this release

Source

trellixpsirt@trellix.com

Tags

CWE-79
trellixpsirt@trellix.com
2024-06-13
CVE-2024-4176

CVE-2024-4176 details

Published : June 13, 2024, 9:15 a.m.
Last Modified : June 13, 2024, 6:35 p.m.

Description

An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user.

CVSS Score

1 2 3 4.1 5 6 7 8 9 10

Weakness

Weakness Name Description

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

4.1

Exploitability Score

Impact Score

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N

References

URL Source
https://thrive.trellix.com/s/article/000013455 trellixpsirt@trellix.com
This website uses the NVD API, but is not approved or certified by it.