CVE-2013-4883

McAfee ePolicy Orchestrator <4.6.6 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4883. PoCs published by Nuri Fattah.

AI-analyzed exploit summary This document describes multiple vulnerabilities in McAfee ePO 4.6.6, including SQL injection and reflected XSS. It provides detailed examples of exploit vectors but does not include executable code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.

Exploits (1)

exploitdb WRITEUP

by Nuri Fattah · textwebappswindows

https://www.exploit-db.com/exploits/26807

View Code ZIP pw:eip

This document describes multiple vulnerabilities in McAfee ePO 4.6.6, including SQL injection and reflected XSS. It provides detailed examples of exploit vectors but does not include executable code.

Classification

Writeup 100%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: McAfee ePO 4.6.6 Build 176

Auth required

Prerequisites: Authenticated access to McAfee ePO

MITRE ATT&CK