Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-4883Cross-site Scripting in Epolicy Orchestrator

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
3.4%
top 12.52%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mcafee Epolicy OrchestratorMcafee Epolicy Orchestrator Agent
Timeline
PublishedJul 22
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.securit

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-r9hg-xvww-g7fp: Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 42022-05-17
CVEList
CVE-2013-4883: Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 42013-07-21

💥Exploits & PoCs

1
Exploit-DB
McAfee ePO 4.6.6 - Multiple Vulnerabilities2013-07-13
CVE-2013-4883 — Cross-site Scripting in Mcafee | cvebase