Cross-Site Scripting Vulnerability in Intel McAfee ePolicy Orchestrator
CVE-2015-4559

Currently unrated

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator
Vendor: CVE Published:; 15 June 2015

Summary

A cross-site scripting (XSS) vulnerability exists in the product deployment feature of Intel McAfee ePolicy Orchestrator prior to version 5.1.2. This flaw allows remote attackers to inject arbitrary web scripts or HTML into web pages viewed by users. Due to unspecified attack vectors, the injected code is executed when users interact with the compromised elements, potentially leading to data theft, session hijacking, or other malicious activities. Organizations using affected versions should ensure timely updates and implement web application security best practices.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1032671

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/91539

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jun 15, 2015
Vulnerability Reserved
Jun 15, 2015