A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extract of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: trellix

Published: 2021-11-23T19:16:50

Updated: 2024-08-03T23:10:30.288Z

Reserved: 2021-04-27T00:00:00

Link: CVE-2021-31852

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-11-23T20:15:10.727

Modified: 2024-11-21T06:06:21.447

Link: CVE-2021-31852

cve-icon Redhat

No data.