Cross-Site Scripting Vulnerabilities in McAfee IntruShield Security Management System
CVE-2005-2186

Currently unrated

Key Information:

Vendor: Mcafee
Status: Intrushield Security Management System
Vendor: CVE Published:; 11 July 2005

Summary

The McAfee IntruShield Security Management System is susceptible to multiple cross-site scripting (XSS) vulnerabilities which allow remote authenticated users to inject arbitrary web scripts or HTML code. This occurs via the thirdMenuName and resourceName parameters in the SystemEvent.jsp, potentially leading to unauthorized access or manipulation of user sessions. Users are advised to implement immediate measures to mitigate risks associated with these vulnerabilities.

References

http://marc.info/?l=bugtraq&m=112076813804503&w=2

mailing-listx_refsource_BUGTRAQ

http://securitytracker.com/id?1014422

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/15961

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 11, 2005
Vulnerability Reserved
Jul 10, 2005