Vulnerability Details CVE-2020-15914
A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account, or to control or monitor the Origin text chat window.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.6%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- https://github.com/Monairy/Security-Advisories/blob/master/CVE%202020-15914
- https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerability-in-origin-client
- https://github.com/Monairy/Security-Advisories/blob/master/CVE%202020-15914
- https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerability-in-origin-client
Products affected by CVE-2020-15914
-
cpe:2.3:a:ea:origin_client:10.5.86