Vulnerability Details CVE-2021-4038
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.0%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
References
Products affected by CVE-2021-4038
-
cpe:2.3:a:mcafee:network_security_manager:6.1.15
-
cpe:2.3:a:mcafee:network_security_manager:6.1.15.38
-
cpe:2.3:a:mcafee:network_security_manager:6.1.15.39
-
cpe:2.3:a:mcafee:network_security_manager:7.1.15
-
cpe:2.3:a:mcafee:network_security_manager:7.1.15.6
-
cpe:2.3:a:mcafee:network_security_manager:7.1.15.7
-
cpe:2.3:a:mcafee:network_security_manager:7.1.5
-
cpe:2.3:a:mcafee:network_security_manager:7.1.5.14
-
cpe:2.3:a:mcafee:network_security_manager:7.1.5.15
-
cpe:2.3:a:mcafee:network_security_manager:7.5.5
-
cpe:2.3:a:mcafee:network_security_manager:7.5.5.8
-
cpe:2.3:a:mcafee:network_security_manager:7.5.5.9
-
cpe:2.3:a:mcafee:network_security_manager:8.1.7
-
cpe:2.3:a:mcafee:network_security_manager:8.1.7.2
-
cpe:2.3:a:mcafee:network_security_manager:8.1.7.3
-
cpe:2.3:a:mcafee:network_security_manager:8.2.7.42.2
-
cpe:2.3:a:mcafee:network_security_manager:9.1
-
cpe:2.3:a:mcafee:network_security_manager:9.1.5.9
-
cpe:2.3:a:mcafee:network_security_manager:9.1.7.11
-
cpe:2.3:a:mcafee:network_security_manager:9.1.7.75
-
cpe:2.3:a:mcafee:network_security_manager:9.1.7.80
-
cpe:2.3:a:mcafee:network_security_manager:9.2
-
cpe:2.3:a:mcafee:network_security_manager:9.2.7.31