Описание
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.
Ссылки
- Broken LinkVendor Advisory
- Broken LinkVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.7.0 (исключая)
cpe:2.3:a:mcafee:endpoint_security:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 54%
0.0031
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
больше 3 лет назад
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.
EPSS
Процентиль: 54%
0.0031
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79