CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-0317

Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.0%

CVSS Severity

CVSS v3 Score 5.4

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products

Products affected by CVE-2024-0317

Fireeye » Ex 3500 » Version: N/A

cpe:2.3:h:fireeye:ex_3500:-
Fireeye » Ex 5500 » Version: N/A

cpe:2.3:h:fireeye:ex_5500:-
Fireeye » Ex 8500 » Version: N/A

cpe:2.3:h:fireeye:ex_8500:-
Fireeye » Ex 3500 Firmware » Version: 9.0.3.936727

cpe:2.3:o:fireeye:ex_3500_firmware:9.0.3.936727
Fireeye » Ex 5500 Firmwarea » Version: 9.0.3.936727

cpe:2.3:o:fireeye:ex_5500_firmwarea:9.0.3.936727
Fireeye » Ex 8500 Firmware » Version: 9.0.3.936727

cpe:2.3:o:fireeye:ex_8500_firmware:9.0.3.936727

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-0317

Products

Pricing

Contact Us