CVE-2024-0317
Cross-Site Scripting in FireEye EX
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.
*Credits:
Albert Sánchez Miñano
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-01-08 CVE Reserved
- 2024-01-15 CVE Published
- 2024-08-01 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Fireeye | Ex 5500 Firmwarea | 9.0.3.936727 | - | Affected | in | Fireeye | Ex 5500 | - | - | Safe |
Fireeye | Ex 8500 Firmware | 9.0.3.936727 | - | Affected | in | Fireeye | Ex 8500 | - | - | Safe |
Fireeye | Ex 3500 Firmware | 9.0.3.936727 | - | Affected | in | Fireeye | Ex 3500 | - | - | Safe |