VYPR
Unrated severity · NVD Advisory · Published Nov 23, 2021 · Updated Aug 3, 2024

Cross-Site Scripting vulnerability in Policy Auditor

CVE-2021-31852

Description

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface, which could lead to the extraction of end-user session tokens or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.

Affected products

  • McAfee/Policy Auditor (2 versions)
    • (no CPE) range: <6.5.2
    • (no CPE) range: unspecified
