CVE-2009-3566

The CVE-2009-3566 issue affects McAfee IntruShield Network Security Manager (NSM) prior to 5.1.11.8.1, where the session ID cookie is issued without the HttpOnly flag, enabling an XSS-based theft of the session cookie and potential remote session hijacking. Source material indicates the vulnerabi...

CVE-2009-3565

McAfee Network Security Manager (NSM) NSM, affected versions before 5.1.11.6, is reported vulnerable to cross-site scripting (XSS) via user-controllable input in Login.jsp. Specifically, the iaction and node parameters are not properly sanitized, allowing remote attackers to inject arbitrary scri...