Cross Site Scripting vulnerability in ePO extension of MACC
CVE-2020-7309

3.9LOW

Key Information:

Vendor: Mcafee, Llc
Status: Mcafee Application And Change Control
Vendor: CVE Published:; 26 August 2020

Summary

Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.

Affected Version(s)

McAfee Application and Change Control 8.3.1

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.9

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 26, 2020
Vulnerability Reserved
Jan 21, 2020

Credit

McAfee credits Rares GOSMAN for responsibly reporting this flaw.