CVE-2020-7333
MEDIUMMcAfee Endpoint Security < 10.7.0 - Authenticated Cross-Site Scripting in Firewall ePO Extension Configuration Wizard
Title source: llmDescription
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.
References (1)
Core 1
Core References
Broken Link, Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10335
Scores
CVSS v3
4.8
EPSS
0.0041
EPSS Percentile
61.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
mcafee/endpoint_security
< 10.7.0
Published
Nov 12, 2020
Tracked Since
Feb 18, 2026