CVE-2020-7309 LOW

CVE-2020-7309: Cross Site Scripting vulnerability in ePO extension of MACC

Vendor Mcafee, Llc
Product McAfee Application and Change Control
Weakness CWE-79 · XSS
Published August 26, 2020
Last update September 16, 2024

CVSS base score

3.9/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section.

Key dates

02Disclosure timeline

August 26, 2020 CVE published
September 16, 2024 Record updated

Related vulnerabilities

04Related CVE