Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross site Scripting (XSS) vulnerability in McAfee DBSec
Vulnerability Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database.
CVSS Information
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
McAfee 数据库 跨站脚本漏洞
Vulnerability Description
Mcafee Database Security Server是美国迈克菲(Mcafee)公司的一款数据库安全软件。该软件可为用户提供数据库的整体情况和相应安全状况,实时保护关键业务数据库免受外部,内部和内部数据库威胁的侵害。 McAfee数据库4.8.2之前存在安全漏洞,该漏洞允许管理员在配置要监控的数据库名称时嵌入JavaScript代码。当任何授权用户登录到DBSec接口并打开此数据库的属性配置页面时,将触发此操作。
CVSS Information
N/A
Vulnerability Type
N/A