Prior to 5.10.9 Update 9, a Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) allowed administrators to inject arbitrary web script or HTML via multiple parameters that were not properly sanitised.
Recommendations
Update McAfee ePolicy Orchestrator to the latest version