Cross-Site Scripting Vulnerabilities in McAfee ePolicy Orchestrator and Agent
CVE-2013-4883

Currently unrated

Key Information:

Vendor

Mcafee
Status
Epolicy Orchestrator
Epolicy Orchestrator Agent
Vendor
CVE Published:
22 July 2013

What is CVE-2013-4883?

This vulnerability allows remote attackers to exploit multiple cross-site scripting (XSS) points within McAfee ePolicy Orchestrator and the associated ePO Extension for the McAfee Agent. Attackers can inject arbitrary web scripts or HTML through several parameters, including instanceId, monitorUrl, uid, orion.user.security.token, and ajaxMode, across various functions in the product. Successful exploitation could result in unauthorized actions or data exposure, posing a significant risk to users and systems relying on this product.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://osvdb.org/95190
vdb-entryx_refsource_OSVDB
http://osvdb.org/95188
vdb-entryx_refsource_OSVDB
http://osvdb.org/95187
vdb-entryx_refsource_OSVDB

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.