Description
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Asheesh Anaconda · textremotemultiple
https://www.exploit-db.com/exploits/38368
References (5)
Core 5
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/120721/McAfee-Vulnerability-Manager-7.5-Cross-Site-Scripting.html
Third Party Advisory x_refsource_misc
http://www.tenable.com/plugins/index.php?view=single&id=65738
Various Sources x_refsource_misc
http://asheesh2000.blogspot.com/2013/08/mcafee-vulnerability-manager-75-cross.html
Vendor Advisory x_refsource_misc
https://kc.mcafee.com/corporate/index?page=content&id=KB77772
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/58401
Scores
EPSS
0.0558
EPSS Percentile
90.4%
Details
CWE
CWE-79
Status
published
Products (1)
mcafee/vulnerability_manager
7.5
Published
Jan 28, 2014
Tracked Since
Feb 18, 2026