Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-23881
PUBLISHED
More InfoOfficial Page
Assigner-trellix
Assigner Org ID-01626437-bf8f-4d1c-912a-893b5eb04808
View Known Exploited Vulnerability (KEV) details
Published At-10 Feb, 2021 | 10:30
Updated At-17 Sep, 2024 | 01:41
Rejected At-
▼CVE Numbering Authority (CNA)
Stored Cross Site Scripting in ENS

A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy.

Affected Products
Vendor
McAfee, LLCMcAfee LLC
Product
Endpoint Security (ENS) for Windows
Versions
Affected
  • From 10.7.x before 10.7.0 February 2021 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Cross-site Scripting (XSS)
Metrics
VersionBase scoreBase severityVector
3.14.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kc.mcafee.com/corporate/index?page=content&id=SB10345
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kc.mcafee.com/corporate/index?page=content&id=SB10345
x_refsource_CONFIRM
x_transferred
Details not found