CVE-2020-7317 MEDIUM

CVE-2020-7317: ePolicy Orchistrator (ePO) - Cross-Site Scripting vulnerability

Vendor Mcafee
Product ePolicy Orchistrator (ePO)
Weakness CWE-79 · XSS
Published October 14, 2020
Last update August 4, 2024
View on NVD All CVEs

CVSS base score

4.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed.

Key dates

02Disclosure timeline

October 14, 2020 CVE published
August 4, 2024 Record updated