CVE-2013-4883 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6 allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter to core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.

Reference

http://osvdb.org/95187
http://osvdb.org/95188
http://osvdb.org/95189
http://osvdb.org/95190
http://osvdb.org/95191
http://www.securityfocus.com/archive/1/527228
http://www.securitytracker.com/id/1028803
https://kc.mcafee.com/corporate/index?page=content&id=KB78824
