CVE-2021-4038

Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios.
Configurations

Configuration 1 (hide)

cpe:2.3:a:mcafee:network_security_manager:*:*:*:*:*:*:*:*

History

16 Nov 2023, 03:06

Type Values Removed Values Added
References () https://kc.mcafee.com/corporate/index?page=content&id=SB10375 - () https://kc.mcafee.com/corporate/index?page=content&id=SB10375 - Broken Link
CWE CWE-79

07 Nov 2023, 03:40

Type Values Removed Values Added
CWE CWE-79
References (CONFIRM) https://kc.mcafee.com/corporate/index?page=content&id=SB10375 - Patch, Vendor Advisory () https://kc.mcafee.com/corporate/index?page=content&id=SB10375 -

Information

Published : 2021-12-09 16:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-4038

Mitre link : CVE-2021-4038

CVE.ORG link : CVE-2021-4038


JSON object : View

Products Affected

mcafee

  • network_security_manager
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')