CVE-2020-7309

Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:application_and_change_control:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:37

Type Values Removed Values Added
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10324 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10324 -
CVSS v2 : 3.5
v3 : 4.8
v2 : 3.5
v3 : 3.9

07 Nov 2023, 03:25

Type Values Removed Values Added
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10324 - Patch, Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10324 -

Information

Published : 2020-08-26 06:15

Updated : 2024-11-21 05:37


NVD link : CVE-2020-7309

Mitre link : CVE-2020-7309

CVE.ORG link : CVE-2020-7309


JSON object : View

Products Affected

mcafee

  • application_and_change_control
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')