CVE-2024-0318

Name of the Vulnerable Software and Affected Versions FireEye HXTool version 4.6

Description This issue allows an attacker to store a specially crafted JavaScript payload in the Profile Name and Hostname/IP parameters. The payload will be triggered when items are loaded, potentially leading to Cross-Site Scripting.

Recommendations For FireEye HXTool version 4.6, consider restricting the use of the Profile Name and Hostname/IP parameters until a patch is available. As a temporary workaround, avoid using these parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.