McAfee ePO Cross-site Scripting vulnerability
CVE-2021-23889

3.5LOW

Key Information:

Vendor: Mcafee,llc
Status: Mcafee Epolicy Orchestrator (epo)
Vendor: CVE Published:; 26 March 2021

Summary

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

Affected Version(s)

McAfee ePolicy Orchestrator (ePO) < 5.10 CU 10

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2021
Vulnerability Reserved
Jan 12, 2021