CVE-2014-2586

McAfee Cloud Single Sign On - Stored Cross-Site Scripting via Login Audit Form Password Field

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2586. PoCs published by Brandon Perry.

AI-analyzed exploit summary: The document describes multiple vulnerabilities in McAfee Asset Manager v6.6, including an authenticated arbitrary file read via directory traversal and an authenticated SQL injection via the 'user' parameter in the audit report functionality. It provides technical details and example HTTP requests for exploitation.

Description

Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.

Exploits (1)

exploitdb WRITEUP
by Brandon Perry · text · webapps · jsp
https://www.exploit-db.com/exploits/32368

Classification: Writeup 90%
Attack Type: SQLi | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: McAfee Asset Manager v6.6
Auth required
Prerequisites: Authenticated access to the McAfee Asset Manager web interface
devstral-2 · analyzed Feb 18, 2026

References (5)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66302
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Mar/325
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/32368

Scores

EPSS 0.0322
EPSS Percentile 86.6%

Details

CWE: CWE-79
Status: published
Products (1): mcafee/cloud_single_sign_on
Published: Mar 24, 2014
Tracked Since: Feb 18, 2026