CVE-2017-3902

Published: Feb 13, 2017Modified: May 13, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.

Affected (4)

Products: Mcafee: Epolicy Orchestrator

1 product

Epolicy Orchestrator

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mcafee Epolicy Orchestrator	Version 5.1.0
Mcafee Epolicy Orchestrator	Version 5.1.1
Mcafee Epolicy Orchestrator	Version 5.1.2
Mcafee Epolicy Orchestrator	Version 5.1.3

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

http://www.securityfocus.com/bid/96465

Source: secure@intel.com

http://www.securitytracker.com/id/1037628

Source: secure@intel.com

https://kc.mcafee.com/corporate/index?page=content&id=SB10184

Source: secure@intel.com

PatchVendor Advisory

http://www.securityfocus.com/bid/96465

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1037628

Source: af854a3a-2127-422b-91ae-364da2661108

https://kc.mcafee.com/corporate/index?page=content&id=SB10184

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.