McAfee ePolicy Orchestrator Reflected XSS

Description

Prior to 5.10.9 Update 9, a Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) allowed administrators to inject arbitrary web script or HTML via multiple parameters that were not properly sanitised.

Recommendations

• Update McAfee ePolicy Orchestrator to the latest version

Written by

Sooraj V Nair

Cyber Security Engineer