CVE-2021-31830

low-risk
Published 2021-06-03

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database.

Do I need to act?

-
0.43% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10 Medium
ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Database Security

Affected Vendors

Mcafee

References (2)

Broken Link https://kc.mcafee.com/corporate/index?page=content&id=SB10359
Broken Link https://kc.mcafee.com/corporate/index?page=content&id=SB10359
26
/ 100
low-risk
Severity 19/34 · Moderate
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal