CVE-2019-3638

HIGH

McAfee Web Gateway 7.8.x < 7.8.2.13 - Reflected Cross-Site Scripting in Administrators Web Console

Title source: llm

Description

Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kc.mcafee.com/corporate/index?page=content&id=SB10294

Scores

CVSS v3 8.1

EPSS 0.0101

EPSS Percentile 77.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Details

CWE

CWE-79

Status published

Products (1)

mcafee/web_gateway 7.8.2 - 7.8.2.13

Published Sep 12, 2019

Tracked Since Feb 18, 2026