VYPR
Unrated severityNVD Advisory· Published Feb 10, 2021· Updated Sep 17, 2024

Stored Cross Site Scripting in ENS

CVE-2021-23881

Description

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.

Affected products

2
  • Range: <10.7.0 February 2021 Update
  • McAfee LLC/Endpoint Security (ENS) for Windowsv5
    Range: 10.7.x

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.