CVE-2020-15914

A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target users Origin client. An attacker could use this vulnerability to access sensitive data related to the target users Origin account, or to control or monitor the Origin text chat window.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
eaorigin_client
𝑥
≤ 10.5.86
eaorigin_client
𝑥
≤ 10.5.86
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Monairy/Security-Advisories/blob/master/CVE%202020-15914
https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerability-in-origin-client
https://github.com/Monairy/Security-Advisories/blob/master/CVE%202020-15914
https://www.ea.com/security/news/easec-2020-003-cross-site-scripting-vulnerability-in-origin-client