2021-06-03 10:10:16
trellix
PUBLISHED
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database.