CVE-2013-4883

Published: 22/07/2013 Updated: 22/08/2013
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and previous versions, and the ePO Extension for the McAfee Agent (MA) 4.5 up to and including 4.6, allow remote malicious users to inject arbitrary web script or HTML via the (1) instanceId parameter to core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.

Vulnerable Product

mcafee epolicy orchestrator 4.6.3

mcafee epolicy orchestrator 4.6.2

mcafee epolicy orchestrator agent 4.6

mcafee epolicy orchestrator 4.6.0

mcafee epolicy orchestrator 4.6.1

mcafee epolicy orchestrator 4.6.5

mcafee epolicy orchestrator 4.6.4

mcafee epolicy orchestrator

mcafee epolicy orchestrator agent 4.5

Exploits

Classification: NON SENSITIVE INFORMATION RELEASABLE TO THE PUBLIC

Multiple vulnerabilities in McAfee ePO 466

Affected Product: McAfee ePO 466 Build 176 & (potentially) earlier versions

Timeline:
08 June 2013 - Vulnerability found
12 June 2013 - Vendor informed
12 June 2013 - Vendor replied/confirmed & opened serv ...