CVE-2022-3339 MEDIUM

CVE-2022-3339: Reflected XSS in Trellix ePO server

Vendor Trellix
Product Trellix ePolicy Orchestrator (ePO)
Weakness CWE-79 · XSS
Published October 18, 2022
Last update May 8, 2025
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.

Key dates

02Disclosure timeline

October 18, 2022 CVE published
May 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-7501 Wonder Slider Lite & Wonder Slider <= 14.4 - Authenticated (Contributor+) Dom-based Stored Cross-Site Scripting CVE-2021-32850 jQuery MiniColors vulnerable to Cross-site Scripting CVE-2025-28889 WordPress Custom Product Stickers for Woocommerce plugin <= 1.9.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-36209 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-38274 moodle: stored XSS via calendar's event title when deleting the event