CVE-2020-15914

Опубликовано: 02 нояб. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account, or to control or monitor the Origin text chat window.

Ссылки

https://github.com/Monairy/Security-Advisories/blob/master/CVE%202020-15914
Third Party Advisory
https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerability-in-origin-client
Vendor Advisory
https://github.com/Monairy/Security-Advisories/blob/master/CVE%202020-15914
Third Party Advisory
https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerability-in-origin-client
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ea:origin_client:*:*:*:*:*:mac_os:*:*

Версия до 10.5.86 (включая)

cpe:2.3:a:ea:origin_client:*:*:*:*:*:windows:*:*

Версия до 10.5.86 (включая)

EPSS

Процентиль: 42%

0.00203

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jvr6-pc69-7w54

github

больше 3 лет назад

A cross-site scripting (XSS) vulnerability exists in the Origin Client that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account, or to control or monitor the Origin text chat window.