XSS in Mcafee Epolicy_orchestrator

CVE-2013-4883

Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.034 (87.7th percentile) — read the EPSS interpretation.

Affected products

Mcafee Epolicy_orchestrator — versions 4.6.0, 4.6.1, 4.6.2
Mcafee Epolicy_orchestrator_agent — versions 4.5, 4.6
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

95190 (x_refsource_OSVDB, vdb-entry)
95188 (x_refsource_OSVDB, vdb-entry)
95187 (x_refsource_OSVDB, vdb-entry)
95191 (x_refsource_OSVDB, vdb-entry)
95189 (x_refsource_OSVDB, vdb-entry)
20130712 Multiple vulnerabilities in McAfee ePO 4.6.6 (mailing-list, x_refsource_BUGTRAQ)
1028803 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)