CVE-2012-4580

2022-10-0316:15:33

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-4580

xss

vulnerability

mcafee

web security

ews

mcafee email gateway

meg

patch

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.3%

JSON

Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard.

Affected configurations

NVD

Node

mcafeeemail_and_web_securityMatch5.0

mcafeeemail_and_web_securityMatch5.5

mcafeeemail_and_web_securityMatch5.6

mcafeeemail_gatewayMatch7.0

CPENameOperatorVersion
mcafee:email_and_web_securitymcafee email and web securityeq5.0
mcafee:email_and_web_securitymcafee email and web securityeq5.5
mcafee:email_and_web_securitymcafee email and web securityeq5.6
mcafee:email_gatewaymcafee email gatewayeq7.0

CPE	Name	Operator	Version
mcafee:email_and_web_security	mcafee email and web security	eq	5.0
mcafee:email_and_web_security	mcafee email and web security	eq	5.5
mcafee:email_and_web_security	mcafee email and web security	eq	5.6
mcafee:email_gateway	mcafee email gateway	eq	7.0