CVE-2021-31834

Published: Oct 22, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

Affected (12)

Products: Mcafee: Epolicy Orchestrator

Mcafee

1 product

Epolicy Orchestrator

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Mcafee Epolicy Orchestrator	Before 5.10.0
Mcafee Epolicy Orchestrator	Version 5.10.0
Mcafee Epolicy Orchestrator	Version 5.10.0 update_10
Mcafee Epolicy Orchestrator	Version 5.10.0 update_1
Mcafee Epolicy Orchestrator	Version 5.10.0 update_2
Mcafee Epolicy Orchestrator	Version 5.10.0 update_3
Mcafee Epolicy Orchestrator	Version 5.10.0 update_4
Mcafee Epolicy Orchestrator	Version 5.10.0 update_5
Mcafee Epolicy Orchestrator	Version 5.10.0 update_6
Mcafee Epolicy Orchestrator	Version 5.10.0 update_7
Mcafee Epolicy Orchestrator	Version 5.10.0 update_8
Mcafee Epolicy Orchestrator	Version 5.10.0 update_9

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10366

Source: trellixpsirt@trellix.com

Broken Link

https://kc.mcafee.com/corporate/index?page=content&id=SB10366

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.