A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extract of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.
References
| Link | Resource |
|---|---|
| https://kc.mcafee.com/corporate/index?page=content&id=SB10372 | Broken Link Vendor Advisory |
| https://kc.mcafee.com/corporate/index?page=content&id=SB10372 | Broken Link Vendor Advisory |
Configurations
History
21 Nov 2024, 06:06
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10372 - Broken Link, Vendor Advisory |
21 Nov 2023, 20:36
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10372 - Broken Link, Vendor Advisory | |
| CWE | CWE-79 |
07 Nov 2023, 03:35
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10372 - | |
| CWE |
Information
Published : 2021-11-23 20:15
Updated : 2024-11-21 06:06
NVD link : CVE-2021-31852
Mitre link : CVE-2021-31852
CVE.ORG link : CVE-2021-31852
JSON object : View
Products Affected
mcafee
- policy_auditor
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')