CVE-2021-31851

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.8%

top 26.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee,llc Mcafee Policy Auditor Mcafee Policy Auditor

Timeline

PublishedNov 23

Latest updateMay 24

Description

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDmcafee/policy_auditor< 6.5.2

▶CVEListV5mcafee,llc/mcafee_policy_auditorunspecified — 6.5.2

🔴Vulnerability Details

GHSA

GHSA-jq47-gg3r-hq6r: A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6↗2022-05-24

▶

CVEList

Cross-Site Scripting vulnerability in Policy Auditor↗2021-11-23

▶