Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NFireeye Ex 3500
HWFireeyewszystkie wersjeFireeye Ex 3500 Firmware
OSFireeye9.0.3.936727Fireeye Ex 5500
HWFireeyewszystkie wersjeFireeye Ex 5500 Firmwarea
OSFireeye9.0.3.936727Fireeye Ex 8500
HWFireeyewszystkie wersjeFireeye Ex 8500 Firmware
OSFireeye9.0.3.936727
Related vulnerabilities
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attack...
eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to co...
eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection atta...
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnera...
XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker ...