CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

438 matches found

McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting

McAfee ePolicy Orchestrator before 5.10.9 Update 9 is vulnerable to a cross-site scripting vulnerability that allows administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. reference: -...

4.6CVSS5.8AI score0.12523EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:45 a.m.•7 views

CVE-2022-0861

A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some...

5.5CVSS6.7AI score0.00155EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:45 a.m.•7 views

CVE-2022-0862

A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from...

5.3CVSS7.1AI score0.00285EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:19 a.m.•4 views

CVE-2021-31835

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator ePO prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized...

4.8CVSS6.1AI score0.00249EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:12 a.m.•6 views

CVE-2022-0857

A reflected cross-site scripting XSS vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to...

6.1CVSS5.6AI score0.00206EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:12 a.m.•3 views

CVE-2022-0859

McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server restricted to...

6.7CVSS7.3AI score0.00036EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:12 a.m.•2 views

CVE-2022-0842

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data...

5.4CVSS7.4AI score0.00156EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:7 a.m.•6 views

CVE-2020-7317

Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator ePO prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitsed...

4.6CVSS6.1AI score0.00139EPSS

Exploits0References1