Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-4176

An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user.

Published

2024-06-13T09:15:14.217

Last Modified

2024-11-21T09:42:20.253

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trellix	xconsole	≤ 2024-05-17	Yes

References

https://thrive.trellix.com/s/article/000013455 Permissions Required ([email protected])
https://thrive.trellix.com/s/article/000013455 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)