CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-0317 – Cross-Site Scripting in FireEye EX
https://notcve.org/view.php?id=CVE-2024-0317
Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details. Cross site scripting en FireEye EX, que afectan a la versión 9.0.3.936727. La explotación de esta vulnerabilidad permite a un atacante enviar un payload de JavaScript especialmente manipulado a través de los parámetros 'type' y 's_f_name' a un usuario autenticado para recuperar los detalles de su sesión. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •