CVE-2023-6072: XSS
First published: Tue Feb 13 2024(Updated: )
A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.
Credit: trellixpsirt@trellix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Trellix Central Management System | <9.1.3.97129 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-6072?
CVE-2023-6072 is classified as a cross-site scripting vulnerability that can allow an attacker to inject arbitrary content into the CM dashboard.
How do I fix CVE-2023-6072?
To fix CVE-2023-6072, upgrade Trellix Central Management to version 9.1.3.97129 or later.
What systems are affected by CVE-2023-6072?
CVE-2023-6072 affects Trellix Central Management System versions prior to 9.1.3.97129.
Who can exploit CVE-2023-6072?
A remote authenticated attacker can exploit CVE-2023-6072 to perform cross-site scripting attacks on the CM dashboard.
What kind of impact does CVE-2023-6072 have?
The impact of CVE-2023-6072 includes the potential for attackers to inject malicious content into the responses accessed by users on the CM dashboard.
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/trellix
- canonical/trellix central management system