CVE-2020-7333: Cross-site Scripting (XSS) in firewall ePO extension of McAfee Endpoint Security (ENS)
First published: Wed Nov 11 2020(Updated: )
Cross site scripting vulnerability in the firewall ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update allows administrators to inject arbitrary web script or HTML via the configuration wizard.
Credit: psirt@mcafee.com trellixpsirt@trellix.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Endpoint Security | <10.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this cross site scripting vulnerability?
The vulnerability ID for this cross site scripting vulnerability is CVE-2020-7333.
What is the affected software for this vulnerability?
The affected software is McAfee Endpoint Security (ENS) prior to 10.7.0 November 2020 Update.
How does the vulnerability occur?
The vulnerability occurs when administrators inject arbitrary web script or HTML via the configuration wizard of the firewall ePO extension of McAfee Endpoint Security (ENS).
What is the severity of this vulnerability?
The severity of this vulnerability is medium.
How can I fix this vulnerability?
To fix this vulnerability, update McAfee Endpoint Security (ENS) to version 10.7.0 November 2020 Update or later.
- collector/nvd-index
- collector/nvd-api
- agent/author
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/weakness
- agent/references
- agent/softwarecombine
- agent/event
- agent/tags
- agent/description
- agent/first-publish-date
- vendor/mcafee
- canonical/mcafee endpoint security