CVE-2019-3602 MEDIUM

CVE-2019-3602: Cross site scripting vulnerability in McAfee NSM impacting authenticated users

Vendor Mcafee, Llc
Product McAfee Network Security Manager (NSM)
Published May 15, 2019
Last update August 4, 2024

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML.

Key dates

02Disclosure timeline

May 15, 2019 CVE published
August 4, 2024 Record updated