Cross-Site Scripting Vulnerability in McAfee Vulnerability Manager 7.5
CVE-2013-5094

Currently unrated

Key Information:

Vendor: Mcafee
Status: Vulnerability Manager
Vendor: CVE Published:; 28 January 2014

Summary

The vulnerability in McAfee Vulnerability Manager 7.5 allows attackers to leverage the cert_cn cookie parameter for injecting arbitrary web scripts or HTML. This type of Cross-Site Scripting (XSS) vulnerability can enable attackers to manipulate web pages viewed by other users, potentially leading to unauthorized access to sensitive information or interaction with the web application in unintended ways.

References

http://packetstormsecurity.com/files/120721/McAfee-Vulner...

x_refsource_MISC

http://www.tenable.com/plugins/index.php?view=single&id=6...

x_refsource_MISC

http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerabil...

x_refsource_MISC

Timeline

Vulnerability published
Jan 28, 2014
Vulnerability Reserved
Aug 9, 2013