CVE-2014-2586

McAfee Cloud SSO - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.

Exploits (1)

exploitdb WRITEUP

by Brandon Perry · textwebappsjsp

https://www.exploit-db.com/exploits/32368

View Code ZIP pw:eip

References (5)

[Exploit] http://packetstormsecurity.com/files/125775/McAfee-Cloud-SSO-Asset-Manager-Issues.html

[Exploit] http://seclists.org/fulldisclosure/2014/Mar/325

[Exploit] http://www.exploit-db.com/exploits/32368

[Exploit] http://www.securityfocus.com/bid/66302

[Exploit] https://twitter.com/BrandonPrry/status/445969380656943104

Scores

EPSS 0.0864

EPSS Percentile 92.4%

Details

CWE

CWE-79

Status published

Products (2)

mcafee/cloud_single_sign_on

n/a/n/a

Published Mar 24, 2014

Tracked Since Feb 18, 2026