Advisories

McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability

Wednesday, November 11, 2009

Advisory ID: SWRX-2009-001

Advisory Information

Title: McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
Advisory ID: SWRX-2009-001
Date published: Wednesday, November 11, 2009
CVE: CVE-2009-3565
CVSS v2 Base Score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Date of last update: Wednesday, November 11, 2009
Vendors contacted: McAfee, Inc.
Release mode: Coordinated release
Discovered by: Daniel King, SecureWorks

Summary

McAfee Network Security Manager is vulnerable to cross-site scripting (XSS) caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using vulnerable parameters in a specially-crafted URL to execute script in a victim's web browser within the security context of the Network Security Manager site.

Download the PDF

PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

SecureWorks CTU Public Key

Introducing Red Cloak™ Threat Detection & Response Webcast

BY INDUSTRY

2019 Gartner Magic Quadrant for Managed Security Services, Worldwide

Digital Transformation Executive Report

Has Poor Cyber Hygiene Reached Crisis Point?

Hiring superstars

McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability

Advisory ID: SWRX-2009-001

Advisory Information

Summary

Related Content

State of the [BRONZE] UNION Snapshot

A Peek into BRONZE UNION’s Toolbox

Vulnerability in ShoreTel Conferencing Platform