CVE-2024-0317 Information

Description

Cross-Site Scripting in FireEye EX affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the ’type’ and ’s_f_name’ parameters to an authenticated user to retrieve their session details.

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products