Electronic Arts · Origin Client · CVE-2020-15914
**Name of the Vulnerable Software and Affected Versions**
Origin Client for Mac and PC versions 10.5.86 or earlier
**Description**
A cross-site scripting (XSS) issue exists that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. This could enable access to sensitive data related to the target user’s Origin account, or control and monitoring of the Origin text chat window.
**Recommendations**
For versions 10.5.86 or earlier, update to a version later than 10.5.86 to resolve the issue. As a temporary workaround, consider restricting the use of the Origin text chat window until a patch is available.