According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker would have to send the victim a malicious file that the victim would have to execute. According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability? An authorized attacker with guest privileges must send a victim a malicious site and convince them to open it. According to the CVSS metrics, successful exploitation of this vulnerability could lead to minor loss of confidentiality (C:L), integrity (I:L), and availability (A:N). What does that mean for this vulnerability? Successful exploitation of this vulnerability has limited impacts to Confidentiality and Integrity and no impact on Availability. An attacker would need to combine this vulnerability with other vulnerabilities to perform an attack.
Lidor B. with Orca Security