CVE-2021-31834

Name of the Vulnerable Software and Affected Versions McAfee ePolicy Orchestrator (ePO) versions prior to 5.10 Update 11

Description The issue allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. This is a Stored Cross-Site Scripting vulnerability.

Recommendations For versions prior to 5.10 Update 11, update to version 5.10 Update 11 or later to resolve the issue. As a temporary workaround, consider restricting the input of administrators to prevent arbitrary web script or HTML injection until a patch is applied.