0 Results Found
              Back To Results
                Advisories

                McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability

                Advisory ID: SWRX-2009-001


                Advisory Information
                • Title: McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability 
                • Advisory ID: SWRX-2009-001
                • Date published: Wednesday, November 11, 2009 
                • CVE: CVE-2009-3565
                • CVSS v2 Base Score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N) 
                • Date of last update: Wednesday, November 11, 2009 
                • Vendors contacted: McAfee, Inc. 
                • Release mode: Coordinated release 
                • Discovered by: Daniel King, SecureWorks

                Summary
                McAfee Network Security Manager is vulnerable to cross-site scripting (XSS) caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using vulnerable parameters in a specially-crafted URL to execute script in a victim's web browser within the security context of the Network Security Manager site.

                Download the PDF

                PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

                SecureWorks CTU Public Key

                Related Content