SB10228 ePO Reflected Cross-Site Scripting vulnerability
CVE-2018-6659

3.7LOW

Key Information:

Vendor: Mcafee
Status: Epolicy Orchestrator (epo)
Vendor: CVE Published:; 9 March 2018

Summary

Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.

Affected Version(s)

ePolicy Orchestrator (ePO) 5.3.2

ePolicy Orchestrator (ePO) 5.3.1

ePolicy Orchestrator (ePO) 5.3.0

References

http://www.securityfocus.com/bid/103392

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1040884

vdb-entryx_refsource_SECTRACK

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 9, 2018
Vulnerability Reserved
Feb 6, 2018