PT-2024-1470 · Fireeye · Fireeye Ex

Albert Sánchez Miñano · Published 2024-01-15 · Updated 2024-01-30 · CVE-2024-0317

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions: FireEye EX version 9.0.3.936727

Description: The issue is a Cross-Site Scripting (XSS) vulnerability in FireEye EX. An attacker can exploit it by sending a specially crafted JavaScript payload via the type and s_f_name parameters to an authenticated user, which allows the attacker to retrieve that user's session details.

Recommendations: For FireEye EX version 9.0.3.936727, as a temporary workaround, consider disabling the use of the type and s_f_name parameters until a patch is available. Restrict access to authenticated users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-00976
CVE-2024-0317

Affected Products

Fireeye Ex