CVE-2018-6659
LOWMcAfee ePolicy Orchestrator 5.3.0-5.3.2 and 5.9.0 - Authenticated Reflected Cross-Site Scripting
Title source: llmDescription
Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10228
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103392
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040884
Scores
CVSS v3
3.7
EPSS
0.0019
EPSS Percentile
40.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L
Details
CWE
CWE-79
Status
published
Products (4)
mcafee/epolicy_orchestrator
5.3.0
mcafee/epolicy_orchestrator
5.3.1
mcafee/epolicy_orchestrator
5.3.2
mcafee/epolicy_orchestrator
5.9.0
Published
Apr 02, 2018
Tracked Since
Feb 18, 2026