CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0319 – Open Redirect vulnerability in FireEye HXTool
https://notcve.org/view.php?id=CVE-2024-0319
Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter. Vulnerabilidad de Open Redirect en FireEye HXTool que afecta a la versión 4.6, cuya explotación podría permitir a un atacante redirigir a un usuario legítimo a una página maliciosa cambiando el parámetro 'redirect_uri'. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0318 – Cross-Site Scripting in FireEye HXTool
https://notcve.org/view.php?id=CVE-2024-0318
Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded. Cross-Site Scripting en FireEye HXTool que afecta a la versión 4.6. Esta vulnerabilidad permite a un atacante almacenar un payload de JavaScript especialmente manipulado en los parámetros 'Profile Name' y 'Hostname/IP' que se activarán cuando se carguen elementos. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •