CVE-2018-6681
MEDIUMMcAfee Network Security Manager < 9.1.7.11 - Authenticated Reflected Cross-Site Scripting via Appliance Web Interface
Title source: llmDescription
Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10244
Scores
CVSS v3
5.4
EPSS
0.0015
EPSS Percentile
35.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
mcafee/network_security_manager
< 9.1.7.11
Published
Jul 17, 2018
Tracked Since
Feb 18, 2026