PT-2021-5438 · McAfee · McAfee Network Security Management

Published: 2021-12-09 · Updated: 2023-11-16 · CVE-2021-4038

CVSS v2.0: 4.9 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: McAfee Network Security Manager versions prior to 10.1 Minor 7

Description: The issue is a cross-site scripting (XSS) vulnerability that allows a remote authenticated administrator to embed an XSS payload in the administrator interface via specially crafted custom rules containing HTML. This occurs because the system does not correctly sanitize custom rule content in all scenarios. The vulnerability can be exploited by a remote attacker to conduct cross-site scripting attacks using specially crafted malicious content.

Recommendations: For versions prior to 10.1 Minor 7, update to version 10.1 Minor 7 or later to resolve the issue. As a temporary workaround, consider restricting the creation of custom rules or sanitizing the HTML content in custom rules to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-06282
CVE-2021-4038

Affected Products

McAfee Network Security Management