Cross-Site Scripting Vulnerabilities in McAfee ePolicy Orchestrator and Agent
CVE-2013-4883

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator; Epolicy Orchestrator Agent
Vendor: CVE Published:; 22 July 2013

What is CVE-2013-4883?

This vulnerability allows remote attackers to exploit multiple cross-site scripting (XSS) points within McAfee ePolicy Orchestrator and the associated ePO Extension for the McAfee Agent. Attackers can inject arbitrary web scripts or HTML through several parameters, including instanceId, monitorUrl, uid, orion.user.security.token, and ajaxMode, across various functions in the product. Successful exploitation could result in unauthorized actions or data exposure, posing a significant risk to users and systems relying on this product.

References

http://osvdb.org/95190

vdb-entryx_refsource_OSVDB

http://osvdb.org/95188

vdb-entryx_refsource_OSVDB

http://osvdb.org/95187

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 22, 2013
Vulnerability Reserved
Jul 21, 2013

Mcafee

What is CVE-2013-4883?

References

Timeline