CVE-2021-31835

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.2%

top 51.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee,llc Mcafee Epolicy Orchestrator (epo)Mcafee Epolicy Orchestrator

Timeline

PublishedOct 22

Latest updateMay 24

Description

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDmcafee/epolicy_orchestrator< 5.10.0+1

▶CVEListV5mcafee,llc/mcafee_epolicy_orchestrator_(epo)unspecified — 5.10 CU 11

🔴Vulnerability Details

GHSA

GHSA-qvx2-3pfh-24vj: Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5↗2022-05-24

▶

CVEList

McAfee ePO Cross-Site Scripting vulnerability↗2021-10-22

▶