5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
49.3%
A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator’s session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.
[
{
"vendor": "Trellix",
"product": "Trellix ePolicy Orchestrator (ePO)",
"versions": [
{
"version": "unspecified",
"lessThan": "5.10 Update 14",
"status": "affected",
"versionType": "custom"
}
]
}
]