VYPR
Medium severity4.1NVD Advisory· Published Jun 13, 2024· Updated Jun 17, 2026

CVE-2024-4176

CVE-2024-4176

Description

An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user.

Affected products

2
  • Range: < this release
  • Trellix/Trellix EDR UI (XConsole)v5
    Range: Earlier than May 17, 2024

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.