6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.0005 Low
EPSS
Percentile
17.1%
Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.
Vendor | Product | Version | CPE |
---|---|---|---|
fireeye | malware_analysis | * | cpe:2.3:a:fireeye:malware_analysis:*:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "FireEye Malware Analysis (AX)",
"vendor": "FireEye ",
"versions": [
{
"status": "affected",
"version": "9.0.3.936530"
}
]
}
]