CVE-2024-0317

Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:fireeye:ex_5500_firmwarea:9.0.3.936727:*:*:*:*:*:*:*
cpe:2.3:h:fireeye:ex_5500:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:fireeye:ex_8500_firmware:9.0.3.936727:*:*:*:*:*:*:*
cpe:2.3:h:fireeye:ex_8500:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:fireeye:ex_3500_firmware:9.0.3.936727:*:*:*:*:*:*:*
cpe:2.3:h:fireeye:ex_3500:-:*:*:*:*:*:*:*

History

30 Jan 2024, 23:04

Type Values Removed Values Added
First Time Fireeye
Fireeye ex 3500 Firmware
Fireeye ex 5500 Firmwarea
Fireeye ex 5500
Fireeye ex 8500 Firmware
Fireeye ex 8500
Fireeye ex 3500
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:h:fireeye:ex_5500:-:*:*:*:*:*:*:*
cpe:2.3:o:fireeye:ex_8500_firmware:9.0.3.936727:*:*:*:*:*:*:*
cpe:2.3:o:fireeye:ex_3500_firmware:9.0.3.936727:*:*:*:*:*:*:*
cpe:2.3:h:fireeye:ex_3500:-:*:*:*:*:*:*:*
cpe:2.3:h:fireeye:ex_8500:-:*:*:*:*:*:*:*
cpe:2.3:o:fireeye:ex_5500_firmwarea:9.0.3.936727:*:*:*:*:*:*:*
References () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products - () https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products - Third Party Advisory

15 Jan 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-15 17:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-0317

Mitre link : CVE-2024-0317

CVE.ORG link : CVE-2024-0317


JSON object : View

Products Affected

fireeye

  • ex_8500
  • ex_3500
  • ex_5500_firmwarea
  • ex_8500_firmware
  • ex_3500_firmware
  • ex_5500
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')