CVE-2017-3902

EUVD-2017-13019
Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
mcafeeepolicy_orchestrator
5.1.0
mcafeeepolicy_orchestrator
5.1.1
mcafeeepolicy_orchestrator
5.1.2
mcafeeepolicy_orchestrator
5.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/96465
http://www.securitytracker.com/id/1037628
https://kc.mcafee.com/corporate/index?page=content&id=SB10184
http://www.securityfocus.com/bid/96465
http://www.securitytracker.com/id/1037628
https://kc.mcafee.com/corporate/index?page=content&id=SB10184