Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
McAfee ePolicy Orchestrator 跨站脚本漏洞
Vulnerability Description
McAfee ePolicy Orchestrator(ePO)和McAfee Agent(MA)都是美国迈克菲(McAfee)公司的产品。ePO是一套可实现对系统、网络等进行集中管理的安全管理软件。MA是一套可定期从服务器中下载更新、策略、任务等的代理程序。 McAfee ePolicy Orchestrator 4.6.6及之前的版本,ePO Extension for the McAfee Agent (MA) 4.5至4.6版本中存在多个跨站脚本漏洞。远程攻击者可利用该漏洞借助多个参数注入任意We
CVSS Information
N/A
Vulnerability Type
N/A