CVE-2017-3902

medium

Description

Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious Java scripts via bypassing input validation.

References

http://www.securityfocus.com/bid/96465

http://www.securitytracker.com/id/1037628

https://kc.mcafee.com/corporate/index?page=content&id=SB10184

Details

Source: MITRE

Published: 2017-02-13

Updated: 2017-07-26

Type: CWE-79

Risk Information

CVSS v2

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.3

Severity: MEDIUM