CVE-2012-4580

McAfee EWS <5.5.6 & MEG <7.0.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard.

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10020

Scores

EPSS 0.0032

EPSS Percentile 54.4%

Classification

CWE

CWE-79

Status draft

Affected Products (4)

mcafee/email_and_web_security

mcafee/email_gateway

Timeline

Published Aug 22, 2012

Tracked Since Feb 18, 2026