CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
17.0%
Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the ‘type’ and ‘s_f_name’ parameters to an authenticated user to retrieve their session details.
Vendor | Product | Version | CPE |
---|---|---|---|
fireeye | ex_5500_firmwarea | 9.0.3.936727 | cpe:2.3:o:fireeye:ex_5500_firmwarea:9.0.3.936727:*:*:*:*:*:*:* |
fireeye | ex_5500 | - | cpe:2.3:h:fireeye:ex_5500:-:*:*:*:*:*:*:* |
fireeye | ex_8500_firmware | 9.0.3.936727 | cpe:2.3:o:fireeye:ex_8500_firmware:9.0.3.936727:*:*:*:*:*:*:* |
fireeye | ex_8500 | - | cpe:2.3:h:fireeye:ex_8500:-:*:*:*:*:*:*:* |
fireeye | ex_3500_firmware | 9.0.3.936727 | cpe:2.3:o:fireeye:ex_3500_firmware:9.0.3.936727:*:*:*:*:*:*:* |
fireeye | ex_3500 | - | cpe:2.3:h:fireeye:ex_3500:-:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "FireEye EX",
"vendor": "FireEye ",
"versions": [
{
"status": "affected",
"version": "9.0.3.936727"
}
]
}
]