First published: Wed Aug 22 2012(Updated: )
Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
McAfee Email and Web Security | =5.0 | |
McAfee Email and Web Security | =5.5 | |
McAfee Email and Web Security | =5.6 | |
McAfee Email Gateway | =7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-4580 has been categorized as a medium severity vulnerability.
CVE-2012-4580 affects McAfee Email and Web Security versions 5.0, 5.5, and 5.6, as well as McAfee Email Gateway version 7.0.
To mitigate CVE-2012-4580, apply the latest patches provided by McAfee for the affected software versions.
CVE-2012-4580 is a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts.
Exploiting CVE-2012-4580 could enable attackers to execute arbitrary web scripts or HTML in a user's browser.