CVE-2024-5955 MEDIUM

CVE-2024-5955

Vendor Trellix

Product ePO Onprem Sp1 Update4

Weakness CWE-79 · XSS

Published December 20, 2024

Last update December 20, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orchestrator.

Key dates

02Disclosure timeline

December 20, 2024 CVE published

December 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-5955 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-24376 WordPress WP Simple Events Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) CVE-2025-23935 WordPress Magic Google Maps plugin <= 1.0.4 - Cross Site Scripting (XSS) vulnerability CVE-2025-48297 WordPress Simple Link Directory < 14.8.1 - Cross Site Scripting (XSS) Vulnerability CVE-2025-30593 WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability CVE-2024-3989 HT Mega – Absolute Addons For Elementor <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Justify

Identifiers

CVE CVE-2024-5955

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions

Vendor Trellix

Product ePO Onprem Sp1 Update4

Affected sp1 update3 and versions prior