CVE-2021-31851
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| McAfee,LLC | McAfee Policy Auditor | unspecified < 6.5.2 | affected |
Weaknesses
- CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-Site Scripting’)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.