CVE-2018-6659: Cross-site Scripting in ePolicy Orchestrator

Severity: 5.4 MEDIUM (NVD); CNA: 3.7
EPSS: 0.2% (top 59.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 2; Latest update May 13

Description

Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: mcafee/epolicy_orchestrator, 4 versions +3
NVD: mcafee/epolicy_orchestrator, 4 versions +3

🔴 Vulnerability Details (2)

GHSA: GHSA-96f4-3697-gj59: Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5 | 2022-05-13
CVEList: SB10228 ePO Reflected Cross-Site Scripting vulnerability | 2018-04-02

💥 Exploits & PoCs (1)

Exploit-DB: Zoho ManageEngine ADManager Plus 6.6 (Build < 6659) - Privilege Escalation | 2019-04-16