First published: Thu Dec 09 2021
Cross-site scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed an XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios.
Credit: psirt@mcafee.com trellixpsirt@trellix.com
Affected Software | Affected Version | How to fix |
---|---|---|
McAfee Network Security Manager | <10.1.7.48 | |
The severity of CVE-2021-4038 is medium, with a severity value of 4.8.
CVE-2021-4038 affects McAfee Network Security Manager versions prior to 10.1 Minor 7.
A remote authenticated administrator can exploit CVE-2021-4038 by embedding an XSS in the administrator interface via specially crafted custom rules containing HTML.
The Common Weakness Enumeration (CWE) ID for CVE-2021-4038 is 79.
To fix CVE-2021-4038 in McAfee Network Security Manager, update to version 10.1 Minor 7 or later.