McAfee Policy Auditor is an agent-based IT assessment solution that leverages the Security Content Automation Protocol (SCAP) to automate the processes required for internal and external IT and security audits.A reflective cross-site scripting vulnerability exists in versions of McAfee Policy Auditor prior to 6.5.2. A remote unauthenticated attacker could exploit the vulnerability to inject arbitrary Web script or HTML via the profileNodeID request parameter.