CVE-2021-23881

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.3%

top 45.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee LLC Endpoint Security (ens) FOR Windows Mcafee Endpoint Security

Timeline

PublishedFeb 10

Latest updateMay 24

Description

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDmcafee/endpoint_security< 10.7.0

▶CVEListV5mcafee_llc/endpoint_security_(ens)_for_windows10.7.x — 10.7.0 February 2021

🔴Vulnerability Details

GHSA

GHSA-ffrc-37fw-2f8x: A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10↗2022-05-24

▶

CVEList

Stored Cross Site Scripting in ENS↗2021-02-10

▶