CVE-2020-7318

MEDIUM NUCLEI

Mcafee Epolicy Orchestrator < 5.10.9 - XSS

Title source: rule

Description

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.

Nuclei Templates (1)

McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting

MEDIUMby dwisiswant0

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10332

Scores

CVSS v3 4.6

EPSS 0.1252

EPSS Percentile 94.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

mcafee/epolicy_orchestrator 5.10.0 - 5.10.9

Published Oct 14, 2020

Tracked Since Feb 18, 2026