Mcafee : Security Vulnerabilities, CVEs, Published In November 2009 (XSS)
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability.
Max CVSS
4.3
EPSS Score
0.72%
Published
2009-11-13
Updated
2018-10-10
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter.
Max CVSS
4.3
EPSS Score
0.46%
Published
2009-11-13
Updated
2018-10-10
2 vulnerabilities found