SynopsisA security management application installed on the remote Windows host is affected by a reflected cross-site scripting vulnerability.
DescriptionThe version of McAfee ePolicy Orchestrator (ePO) installed on the remote Windows host is 5.1.x prior to 5.1.3 hotfix 1110787. It is, therefore, affected by a reflected cross-site scripting (XSS) vulnerability in the web user interface (UI), specifically within the ePO computer management services, due to a failure to properly validate user-supplied input to unspecified parameters. An authenticated, remote attacker can exploit this vulnerability, by convincing a user into requesting a specially crafted URL, to execute arbitrary script code in the user's browser session.
SolutionUpgrade to McAfee ePO version 5.1.3 hotfix 1110787 or later.