CVE-2020-7309
Summary
| CVE | CVE-2020-7309 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-08-26 06:15:00 UTC |
| Updated | 2023-11-07 03:25:00 UTC |
| Description | Cross Site Scripting vulnerability in ePO extension in McAfee Application Control (MAC) prior to 8.3.1 allows administrators to inject arbitrary web script or HTML via specially crafted input in the policy discovery section. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mcafee | Application And Change Control | All | All | All | All |
| Application | Mcafee | Application And Change Control | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| McAfee Security Bulletin - Application and Change Control update fixes Cross Site Scripting vulnerability (CVE-2020-7309) | CONFIRM | kc.mcafee.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: McAfee credits Rares GOSMAN for responsibly reporting this flaw.
There are currently no legacy QID mappings associated with this CVE.