Advisory ID: SWRX-2009-001
Advisory Information
- Title: McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
- Advisory ID: SWRX-2009-001
- Date published: Wednesday, November 11, 2009
- CVE: CVE-2009-3565
- CVSS v2 Base Score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
- Date of last update: Wednesday, November 11, 2009
- Vendors contacted: McAfee, Inc.
- Release mode: Coordinated release
- Discovered by: Daniel King, SecureWorks
Summary
McAfee Network Security Manager is vulnerable to cross-site scripting (XSS) caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using vulnerable parameters in a specially-crafted URL to execute script in a victim's web browser within the security context of the Network Security Manager site.
PGP Signature (PC Users: You may need to right click your mouse and select "Save As")
Secureworks has been acquired by Sophos. To view all new blogs, including those on threat intelligence from the Counter Threat Unit, visit: https://news.sophos.com/en-us/.