Vulnerabilities > CVE-2024-4176 - Unspecified vulnerability in Trellix Xconsole

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

trellix

NVD

Published: 2024-06-13

Updated: 2024-11-21

Summary

An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user.

Vulnerable Configurations

Part	Description	Count
Application	Trellix Trellix Xconsole *	1

References

https://thrive.trellix.com/s/article/000013455
https://thrive.trellix.com/s/article/000013455