CVE-2020-7318 MEDIUM

CVE-2020-7318: ePolicy Orchistrator (ePO) - Cross-Site Scripting vulnerability

Vendor Mcafee
Product ePolicy Orchistrator (ePO)
Weakness CWE-79 · XSS
Published October 14, 2020
Last update August 4, 2024

CVSS base score

4.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

Key dates

02Disclosure timeline

October 14, 2020 CVE published
August 4, 2024 Record updated