Cross-Site Scripting Vulnerabilities in McAfee ePolicy Orchestrator and Agent
CVE-2013-4883

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator; Epolicy Orchestrator Agent
Vendor: CVE Published:; 22 July 2013

Summary

This vulnerability allows remote attackers to exploit multiple cross-site scripting (XSS) points within McAfee ePolicy Orchestrator and the associated ePO Extension for the McAfee Agent. Attackers can inject arbitrary web scripts or HTML through several parameters, including instanceId, monitorUrl, uid, orion.user.security.token, and ajaxMode, across various functions in the product. Successful exploitation could result in unauthorized actions or data exposure, posing a significant risk to users and systems relying on this product.

References

http://osvdb.org/95190

vdb-entryx_refsource_OSVDB

http://osvdb.org/95188

vdb-entryx_refsource_OSVDB

http://osvdb.org/95187

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Jul 22, 2013
Vulnerability Reserved
Jul 21, 2013