Cross-Site Scripting Vulnerability in McAfee IntruShield Network Security Manager
CVE-2009-3565

Currently unrated

Key Information:

Vendor: Mcafee
Status: Intrushield Network Security Manager
Vendor: CVE Published:; 13 November 2009

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in the Login.jsp module of McAfee IntruShield Network Security Manager, allowing remote attackers to inject arbitrary web scripts or HTML. This threat arises from the improper handling of the 'iaction' and 'node' parameters, which may lead to unauthorized access or web manipulation, potentially compromising the security of the affected systems.

References

http://securitytracker.com/id?1023171

vdb-entryx_refsource_SECTRACK

http://www.vupen.com/english/advisories/2009/3226

vdb-entryx_refsource_VUPEN

http://kc.mcafee.com/corporate/index?page=content&id=SB10004

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 13, 2009
Vulnerability Reserved
Oct 5, 2009