ePolicy Orchistrator (ePO) - Cross-Site Scripting vulnerability
CVE-2020-7318
4.6MEDIUM
Summary
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
Affected Version(s)
ePolicy Orchistrator (ePO) < 5.10.9 update 9
References
CVSS V3.1
Score:
4.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database