CVE-2021-31851
Cross-Site Scripting vulnerability in Policy Auditor
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.
Una vulnerabilidad de tipo Cross-Site Scripting Reflejado en McAfee Policy Auditor versiones anteriores a 6.5.2, permite a un atacante remoto no autenticado inyectar secuencias de comandos web o HTML arbitrarias por medio de los parámetros de petición profileNodeID. El script malicioso es reflejado sin modificaciones en la interfaz basada en la web de Policy Auditor, que podría conllevar a una extracción de tokens de sesión o credenciales de inicio de sesión del usuario final. Estas pueden ser usadas para acceder a otras aplicaciones críticas para la seguridad o realizar peticiones arbitrarias entre dominios
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-04-27 CVE Reserved
- 2021-11-23 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://kc.mcafee.com/corporate/index?page=content&id=SB10372 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mcafee Search vendor "Mcafee" | Policy Auditor Search vendor "Mcafee" for product "Policy Auditor" | < 6.5.2 Search vendor "Mcafee" for product "Policy Auditor" and version " < 6.5.2" | - |
Affected
|