Vulnerability Description
A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’s Origin account, or to control or monitor the Origin text chat window.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ea | Origin Client | <= 10.5.86 |
Related Weaknesses (CWE)
References
- https://github.com/Monairy/Security-Advisories/blob/master/CVE%202020-15914Third Party Advisory
- https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerabiliVendor Advisory
- https://github.com/Monairy/Security-Advisories/blob/master/CVE%202020-15914Third Party Advisory
- https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerabiliVendor Advisory
FAQ
What is CVE-2020-15914?
CVE-2020-15914 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin cl...
How severe is CVE-2020-15914?
CVE-2020-15914 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15914?
Check the references section above for vendor advisories and patch information. Affected products include: Ea Origin Client.