XSS Vulnerability in EDR XConsole Could Lead to Browser Command Execution
CVE-2024-4176
5.4MEDIUM
Key Information:
- Vendor
- Trellix
- Status
- Trellix Edr Ui (xconsole)
- Vendor
- CVE Published:
- 13 June 2024
Summary
An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user.
Affected Version(s)
Trellix EDR UI (XConsole) Earlier than May 17, 2024
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved