Unrated severityNVD Advisory· Published Nov 23, 2021· Updated Aug 3, 2024
Cross-Site Scripting vulnerability in Policy Auditor
CVE-2021-31852
Description
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extract of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.
Affected products
2<6.5.2+ 1 more
- (no CPE)range: <6.5.2
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
1- kc.mcafee.com/corporate/indexmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.