Advisory Information
Title: McAfee Network Security Manager Cross-Site Scripting (XSS) Vulnerability
Advisory ID: SWRX-2009-001
Advisory URL: http://www.secureworks.com/ctu/advisories/SWRX-2009-001
Date published: Wednesday, November 11, 2009
CVE: CVE-2009-3565
CVSS v2 Base Score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Date of last update: Wednesday, November 11, 2009
Vendors contacted: McAfee, Inc.
Release mode: Coordinated release
Discovered by: Daniel King, SecureWorks

Summary
McAfee Network Security Manager is vulnerable to cross-site scripting (XSS) caused by improper
validation of user-supplied input. A remote attacker could exploit this vulnerability using
vulnerable parameters in a specially-crafted URL to execute script in a victim’s web browser within
the security context of the Network Security Manager site.

Affected Products
McAfee Network Security Manager (NSM), version 5.1.7.7 (default configuration).
It is unknown which other versions, if any, are affected as of November 11, 2009.

Vendor Information, Solutions and Workarounds
McAfee has provided a new release to address this security flaw. Upgrade NSM software to NSM
5.1.11.6 or above, available for McAfee NSM clients at:
https://secure.nai.com/apps/downloads/my_products/login.asp

More information is available from McAfee at:
McAfee Security Bulletin SB10004
Intrushield NSM update fixes XSS flaw
https://kc.mcafee.com/corporate/index?page=content&id=SB10004

Follow best practices of placing the security management console on a segregated management network.
Apply restrictive, default-deny firewall policies to protect these assets from access by unauthorized
users.

Do not perform administrative access of security management consoles from computers exposed to the
Internet through web browsing, email, and other applications. Lock down and heavily monitor systems
used to perform administrative tasks such as accessing security management consoles.

Details
User-controllable input supplied by the “iaction” and “node” parameters to the “Login.jsp” page is
not properly sanitized for invalid or malicious content prior to being returned to the user in
dynamically generated web content. This condition may aid an attacker in retrieving session cookies,
stealing recently submitted data, or launching further attacks.

SecureWorks Risk Scoring
Likelihood: 2 – Best practice is to deploy the management console web application on a segmented
management network.
Impact: 5 – Control over security appliances managed by the management console.

CVSS Severity (version 2.0)
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS v2 Base Score: 4.3 (Medium) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Proof of Concept
The following example URLs demonstrate user-controllable JavaScript being executed in the context of
the McAfee Network Security Manager website.
https://x.x.x.x/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreatefcb14"><script>alert('XSS')</script>8b3283a1e57
https://x.x.x.x/intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=8502a"><script>alert(1)</script>2aa99b60533&iaction=precreatefcb14"><script>alert(‘XSS’)</script>8b3283a1e57
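
A log check for the page and the two parameters named in this advisory, added here as an example (it is not SecureWorks or McAfee code). It assumes the console, or a proxy in front of it, writes Combined Log Format access logs; the function names, the "precreate" value and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Page and parameters taken from the advisory's Details and Proof of Concept.
LOGIN_PATH = "/intruvert/jsp/module/Login.jsp"
WATCHED_PARAMS = ("iaction", "node")

# Characters that let a reflected value close an HTML attribute or open a tag.
MARKUP = re.compile(r'[<>"]')

# Combined Log Format: client, identity, user, [time], "METHOD target HTTP/x", status.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+" (?P<status>\d{3})'
)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(target):
    """Return (param, decoded_value) for each watched parameter carrying markup."""
    parts = urlsplit(target)
    if not unquote(parts.path).endswith(LOGIN_PATH):
        return []
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED_PARAMS:
            decoded = fully_decode(value)
            if MARKUP.search(decoded):
                findings.append((name, decoded))
    return findings


def scan_log(lines):
    """Return (client, status, param, decoded_value) for every suspicious request."""
    hits = []
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue  # not an access-log line in the assumed format
        for param, value in inspect_request(match.group("target")):
            hits.append((match.group("client"), match.group("status"), param, value))
    return hits


# Constructed sample lines (documentation address range), not real traffic.
SAMPLE_LOG = r'''
192.0.2.10 - - [11/Nov/2009:10:00:01 +0000] "GET /intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreate HTTP/1.1" 200 5120
192.0.2.44 - - [11/Nov/2009:10:02:17 +0000] "GET /intruvert/jsp/module/Login.jsp?password=&Login%2bID=&node=&iaction=precreate%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5198
192.0.2.44 - - [11/Nov/2009:10:02:40 +0000] "GET /intruvert/jsp/module/Login.jsp?node=8502a%2522%253Cscript%253E&iaction=precreate HTTP/1.1" 200 5170
192.0.2.10 - - [11/Nov/2009:10:05:00 +0000] "GET /intruvert/jsp/module/Other.jsp?iaction=%3Cb%3E HTTP/1.1" 404 310
'''.strip().splitlines()

if __name__ == "__main__":
    for client, status, param, value in scan_log(SAMPLE_LOG):
        print(f"{client} status={status} {param}={value!r}")
```

A hit means markup was sent to the login page, not that script ran in a browser; correlate with the NSM version in use and with which workstation followed the link.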
Revision History
1.0 November 11, 2009 – Initial advisory release

PGP Keys
This advisory has been signed with the PGP key of the SecureWorks Counter Threat Unit(SM), which is
available for download at http://www.secureworks.com/contact/SecureWorksCTU.asc.

About the SecureWorks Counter Threat Unit(SM)
Our expert team of threat researchers, also known as the SecureWorks Counter Threat Unit(SM),
identifies and analyzes emerging threats and develops countermeasures, correlations and SOC processes
to protect clients' critical information assets. The CTU frequently serves as an expert resource for
the media, publishes technical analyses for the security community and speaks about emerging threats
at security conferences. Leveraging our security technologies and a network of industry contacts, the
CTU tracks leading hackers and analyzes anomalous activity, uncovering new attack techniques and
threats. This process enables the CTU to identify threats as they emerge and develop countermeasures
that protect our clients before damage occurs.

About SecureWorks
With over 2000 clients, SecureWorks has become one of the leading Security as a Service providers
safeguarding more organizations 24x7 than any other vendor. SecureWorks focuses exclusively on
information security services and was recently positioned in the Leader's Quadrant in Gartner's Magic
Quadrant for Managed Security Services Providers (MSSPs). SecureWorks Security Information and Event
Management (SIEM) platform augmented with applied security research and 100% GIAC-certified experts
protects clients with our award-winning Managed Security Services and SIM On-Demand solution.