CVE-2013-4884

McAfee SuperScan 4.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Trustwave's SpiderLabs · textwebappswindows

https://www.exploit-db.com/exploits/27406

View Code ZIP pw:eip

References (6)

[Exploit] http://seclists.org/fulldisclosure/2013/Aug/68

[Exploit] http://www.exploit-db.com/exploits/27406

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=KB78992

[Exploit] https://www.trustwave.com/spiderlabs/advisories/TWSL2013-024.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/61640

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/86257

Scores

EPSS 0.0264

EPSS Percentile 85.5%

Details

CWE

CWE-79

Status published

Products (2)

mcafee/superscan

n/a/n/a

Published Jan 21, 2014

Tracked Since Feb 18, 2026