CVE-2020-7318
published 2020-10-14CVE-2020-7318: Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML…
PriorityP419medium4.3CVSS 3.1
AVAACLPRHUIRSCCLILAN
EXPLOIT
EPSS
1.02%
59.2th percentile
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mcafee | epolicy_orchestrator | 5.10.0 – 5.10.9 | — |
| mcafee | epolicy_orchistrator | >= unspecified < 5.10.9 update 9 | 5.10.9 update 9 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvdv2.02.3LOWAV:A/AC:M/Au:S/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting
nuclei·CVSS 4.3
CVE-2020-7318 [MEDIUM] McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting
McAfee ePolicy Orchestrator "
condition: and
- type: status
status:
- 200
# digest: 490a004630440220055f85fbf4ab2634c8c2404c1a812355156c4a5f538eab5c7e68401a7bab7726022044a036d8f6a3ee3be204782457e3b2fa0ca73710f9f51e0bed69e6aa329990e3:922c64590222798bb761d5b6d8e72950
2020-10-14
Published