CVE-2021-31830: 
McAfee Database Security vulnerability analysis and mitigation

CVE-2021-31830 is a Cross-site Scripting (XSS) vulnerability discovered in McAfee Database Security (DBSec) versions prior to 4.8.2. The vulnerability was disclosed and analyzed in June 2021, affecting McAfee Database Security installations (NVD).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) issue, identified as CWE-79. It received a CVSS v3.1 base score of 4.8 (MEDIUM) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, while Trellix assessed it with a score of 5.9 (MEDIUM) with vector string CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N (NVD).

The vulnerability allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. When any authorized user logs into the DBSec interface and opens the properties configuration page for this database, the malicious JavaScript code would be executed (NVD).

The vulnerability was addressed in McAfee Database Security version 4.8.2. Users should upgrade to this version or later to mitigate the risk (NVD).