CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4038 – NSM vulnerable to XSS
https://notcve.org/view.php?id=CVE-2021-4038
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en McAfee Network Security Manager (NSM) versiones anteriores a 10.1 Minor 7, permite a un administrador remoto autenticado insertar una vulnerabilidad de tipo XSS en la interfaz del administrador por medio de reglas personalizadas especialmente diseñadas que contienen HTML. NSM no saneaba correctamente el contenido de las reglas personalizadas en todos los casos • https://kc.mcafee.com/corporate/index?page=content&id=SB10375 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7256 – Network Security Management (NSM) - Cross site scripting vulnerability
https://notcve.org/view.php?id=CVE-2020-7256
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. Una vulnerabilidad de tipo Cross site scripting en McAfee Network Security Management (NSM) versiones anteriores a 9.1 actualización del 6 de marzo de 2020. La actualización permite a atacantes un impacto no especificado por medio de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-7258 – Network Security Management (NSM) - Cross site scripting vulnerability
https://notcve.org/view.php?id=CVE-2020-7258
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. Una vulnerabilidad de tipo Cross site scripting en McAfee Network Security Management (NSM) versiones anteriores 9.1 actualización del 6 de marzo de 2020. La actualización permite a atacantes un impacto no especificado por medio de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-3602 – Cross site scripting vulnerability in McAfee NSM impacting authenticated users
https://notcve.org/view.php?id=CVE-2019-3602
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML. Vulnerabilidad de tipo Cross Site Scripting (XSS) en Network Security Manager (NSM) de McAfee anterior de la versión 9.1 actualización 5, permite a un administrador autenticado insertar un XSS en la interfaz del administrador por medio de una regla personalizada especialmente creada con contenido HTML. • http://www.securityfocus.com/bid/108400 https://kc.mcafee.com/corporate/index?page=content&id=SB10281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6681 – SB10244 - Network Security Management (NSM) - Abuse of Functionality vulnerability
https://notcve.org/view.php?id=CVE-2018-6681
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface. Vulnerabilidad de abuso de funcionalidades en la interfaz web en McAfee Network Security Management (NSM) en versiones 9.1.7.11 y anteriores permite que usuarios autenticados puedan reflejar código HTML arbitrario en la página web de respuesta mediante la interfaz web de la aplicación. • https://kc.mcafee.com/corporate/index?page=content&id=SB10244 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •