CVE-2020-15914 Information

Description

A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account or to control or monitor the Origin text chat window.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/Monairy/Security-Advisories/blob/master/CVE202020-15914 https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerability-in-origin-client

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4