CVE-2021-4038 – NSM vulnerable to XSS
https://notcve.org/view.php?id=CVE-2021-4038
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en McAfee Network Security Manager (NSM) versiones anteriores a 10.1 Minor 7, permite a un administrador remoto autenticado insertar una vulnerabilidad de tipo XSS en la interfaz del administrador por medio de reglas personalizadas especialmente diseñadas que contienen HTML. NSM no saneaba correctamente el contenido de las reglas personalizadas en todos los casos • https://kc.mcafee.com/corporate/index?page=content&id=SB10375 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-7256 – Network Security Management (NSM) - Cross site scripting vulnerability
https://notcve.org/view.php?id=CVE-2020-7256
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. Una vulnerabilidad de tipo Cross site scripting en McAfee Network Security Management (NSM) versiones anteriores a 9.1 actualización del 6 de marzo de 2020. La actualización permite a atacantes un impacto no especificado por medio de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-7258 – Network Security Management (NSM) - Cross site scripting vulnerability
https://notcve.org/view.php?id=CVE-2020-7258
Cross site scripting vulnerability in McAfee Network Security Management (NSM) Prior to 9.1 update 6 Mar 2020 Update allows attackers to unspecified impact via unspecified vectors. Una vulnerabilidad de tipo Cross site scripting en McAfee Network Security Management (NSM) versiones anteriores 9.1 actualización del 6 de marzo de 2020. La actualización permite a atacantes un impacto no especificado por medio de vectores no especificados. • https://kc.mcafee.com/corporate/index?page=content&id=SB10310 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-3602 – Cross site scripting vulnerability in McAfee NSM impacting authenticated users
https://notcve.org/view.php?id=CVE-2019-3602
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML. Vulnerabilidad de tipo Cross Site Scripting (XSS) en Network Security Manager (NSM) de McAfee anterior de la versión 9.1 actualización 5, permite a un administrador autenticado insertar un XSS en la interfaz del administrador por medio de una regla personalizada especialmente creada con contenido HTML. • http://www.securityfocus.com/bid/108400 https://kc.mcafee.com/corporate/index?page=content&id=SB10281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-3606 – Data leakage when in an MDR pair by McAfee Network Security Manager 9.x
https://notcve.org/view.php?id=CVE-2019-3606
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management (NSM) 9.1 < 9.1.7.75 (Update 4) and 9.2 < 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands. Vulnerabilidad de filtrado de datos en el componente del portal web cuando está en modo de emparejado MDR en McAfee Network Security Management (NSM), en versiones 9.1 anteriores a la 9.1.7.75 (Update 4) y versiones 9.2 anteriores a la 9.2.7.31 Update2, permite que los administradores visualicen la información de configuración en texto plano mediante la GUI o los comandos del terminal de la GUI. • http://www.securityfocus.com/bid/107613 https://kc.mcafee.com/corporate/index?page=content&id=SB10274 • CWE-312: Cleartext Storage of Sensitive Information •