CVE-2021-23889

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
trellixCNA
3.5 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
VendorProductVersion
mcafeeepolicy_orchestrator
𝑥
< 5.10.0
mcafeeepolicy_orchestrator
5.10.0
mcafeeepolicy_orchestrator
5.10.0:update_1
mcafeeepolicy_orchestrator
5.10.0:update_2
mcafeeepolicy_orchestrator
5.10.0:update_3
mcafeeepolicy_orchestrator
5.10.0:update_4
mcafeeepolicy_orchestrator
5.10.0:update_5
mcafeeepolicy_orchestrator
5.10.0:update_6
mcafeeepolicy_orchestrator
5.10.0:update_7
mcafeeepolicy_orchestrator
5.10.0:update_8
mcafeeepolicy_orchestrator
5.10.0:update_9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10352
https://kc.mcafee.com/corporate/index?page=content&id=SB10352