Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-7318Cross-site Scripting in Epolicy Orchistrator

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
CNA4.6
EPSS
12.5%
top 6.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Mcafee Epolicy OrchistratorMcafee Epolicy Orchestrator
Timeline
PublishedOct 14
Latest updateMay 24

Description

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.7

Affected Packages2 packages

NVDmcafee/epolicy_orchestrator5.10.05.10.9
CVEListV5mcafee/epolicy_orchistratorunspecified5.10.9 update 9

🔴Vulnerability Details

2
GHSA
GHSA-9ww8-f379-fqcj: Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 52022-05-24
CVEList
ePolicy Orchistrator (ePO) - Cross-Site Scripting vulnerability2020-10-14

💥Exploits & PoCs

1
Nuclei
McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting
CVE-2020-7318 — Cross-site Scripting in Mcafee | cvebase