Vulnerabilities > Fireeye > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-15 CVE-2024-0317 Cross-site Scripting vulnerability in Fireeye products
Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727.
network
low complexity
fireeye CWE-79
6.1
2024-01-15 CVE-2024-0318 Cross-site Scripting vulnerability in Fireeye Hxtool 4.6
Cross-Site Scripting in FireEye HXTool affecting version 4.6.
network
low complexity
fireeye CWE-79
6.1
2024-01-15 CVE-2024-0319 Open Redirect vulnerability in Fireeye Hxtool 4.6
Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter.
network
low complexity
fireeye CWE-601
6.1
2024-01-15 CVE-2024-0320 Cross-site Scripting vulnerability in Fireeye Malware Analysis 9.0.3.936530
Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530.
network
low complexity
fireeye CWE-79
6.1
2024-01-15 CVE-2024-0314 Cross-site Scripting vulnerability in Fireeye Central Management 9.1.1.956704
XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking.
network
low complexity
fireeye CWE-79
6.1
2021-04-01 CVE-2021-28970 SQL Injection vulnerability in Fireeye Email Malware Protection System 9.0.1.923211
eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the job_id parameter to the email search feature.
network
low complexity
fireeye CWE-89
4.0
2021-04-01 CVE-2021-28969 SQL Injection vulnerability in Fireeye Email Malware Protection System 9.0.1.923211
eMPS 9.0.1.923211 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort_by parameter to the email search feature.
network
low complexity
fireeye CWE-89
4.0
2020-10-26 CVE-2020-25034 SQL Injection vulnerability in Fireeye Email Malware Protection System
eMPS prior to eMPS 9.0 on FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search[URL], or search[attachment] parameter to the email search feature.
network
low complexity
fireeye CWE-89
4.0