Lucene search

GoogleOSV:CVE-2024-0318

HistoryJan 15, 2024 - 5:15 p.m.

CVE-2024-0318

2024-01-1517:15:09

Google

osv.dev

cve-2024-0318

cross-site scripting

fireeye hxtool

version 4.6

vulnerability

javascript payload

profile name

hostname/ip

execution

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the ‘Profile Name’ and ‘Hostname/IP’ parameters that will be triggered when items are loaded.

CPENameOperatorVersion
hxtooleqrelease-4.5.0-final
hxtooleqrelease-2.0
hxtooleqrelease-3.0
hxtooleqrelease-3.0.0
hxtooleqrelease-4.0
hxtooleqrelease-4.5.1
hxtooleqrelease-4.5.1.2
hxtooleqrelease-3.2.0
hxtooleqrelease-3.1
hxtooleqrelease-4.0.1

Name	Operator	Version
hxtool	eq	release-4.5.0-final
hxtool	eq	release-2.0
hxtool	eq	release-3.0
hxtool	eq	release-3.0.0
hxtool	eq	release-4.0
hxtool	eq	release-4.5.1
hxtool	eq	release-4.5.1.2
hxtool	eq	release-3.2.0
hxtool	eq	release-3.1
hxtool	eq	release-4.0.1

Rows per page:

1-10 of 161

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.2 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for OSV:CVE-2024-0318