CVE-2017-3964 — Cross-site Scripting in Network Security Management

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 53.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Network Security Management Mcafee Network Security Manager

Timeline

PublishedApr 4

Latest updateMay 13

Description

Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to inject arbitrary web script or HTML via a URL parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5mcafee/network_security_management8.2 — 8.2.7.42.2

▶NVDmcafee/network_security_manager< 8.2.7.42.2

🔴Vulnerability Details

GHSA

GHSA-4w4x-65f4-79g2: Reflective Cross-Site Scripting (XSS) vulnerability in the web interface in McAfee Network Security Management (NSM) before 8↗2022-05-13

▶