CVE-2021-23881
Stored Cross Site Scripting in ENS
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.
Una vulnerabilidad de tipo cross site scripting almacenado en la extensión ePO de McAfee Endpoint Security (ENS) versiones anteriores a 10.7.0 actualización de Febrero de 2021, permite a un administrador de ePO de ENS agregar un script a un evento de política que desencadenará el script para que sea ejecutado mediante una página de bloqueo del navegador cuando un usuario local que no es administrador activa la política
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-12 CVE Reserved
- 2021-02-10 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://kc.mcafee.com/corporate/index?page=content&id=SB10345 | 2023-11-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mcafee Search vendor "Mcafee" | Endpoint Security Search vendor "Mcafee" for product "Endpoint Security" | < 10.7.0 Search vendor "Mcafee" for product "Endpoint Security" and version " < 10.7.0" | windows |
Affected
|