Cross-Site Scripting Vulnerability in Trellix Central Management (CM)

CVE-2023-6072 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard.

Learn more about our Internal Network Penetration Testing.