CVE-2021-31834

CVE-2021-31834: McAfee ePO Cross-Site Scripting vulnerability

Vendor Mcafee,Llc
Product McAfee ePolicy Orchestrator (ePO)
Weakness CWE-79 · XSS
Published October 22, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

Key dates

02Disclosure timeline

October 22, 2021 CVE published
August 3, 2024 Record updated