Medium severity4.1NVD Advisory· Published Jun 13, 2024· Updated Jun 17, 2026
CVE-2024-4176
CVE-2024-4176
Description
An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user.
Affected products
2- Range: < this release
- Trellix/Trellix EDR UI (XConsole)v5Range: Earlier than May 17, 2024
Patches
Vulnerability mechanics
References
1- thrive.trellix.com/s/article/000013455nvdPermissions Required
News mentions
0No linked articles in our index yet.