A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account, or to control or monitor the Origin text chat window.
References
| Link | Resource |
|---|---|
| https://github.com/Monairy/Security-Advisories/blob/master/CVE%202020-15914 | Third Party Advisory |
| https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerability-in-origin-client | Vendor Advisory |
| https://github.com/Monairy/Security-Advisories/blob/master/CVE%202020-15914 | Third Party Advisory |
| https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerability-in-origin-client | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:06
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/Monairy/Security-Advisories/blob/master/CVE%202020-15914 - Third Party Advisory | |
| References | () https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerability-in-origin-client - Vendor Advisory |
Information
Published : 2020-11-02 21:15
Updated : 2024-11-21 05:06
NVD link : CVE-2020-15914
Mitre link : CVE-2020-15914
CVE.ORG link : CVE-2020-15914
JSON object : View
Products Affected
ea
- origin_client
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')