CVE-2021-31835: 
McAfee ePolicy Orchestrator vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was identified in McAfee ePolicy Orchestrator (ePO) versions prior to 5.10 Update 11. The vulnerability was assigned CVE-2021-31835 and was discovered in April 2021. This security flaw affects the McAfee ePolicy Orchestrator platform, a centralized security management software (NVD, CVE).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) and allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized. The vulnerability has been assigned a CVSS v3.1 Base Score of 4.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (NVD).

The exploitation of this vulnerability could allow attackers to inject malicious web scripts or HTML content, potentially leading to unauthorized access to sensitive information and manipulation of web content. The CVSS scoring indicates low confidentiality and integrity impacts, with no impact on availability (NVD).

The vulnerability has been addressed in McAfee ePolicy Orchestrator (ePO) version 5.10 Update 11. Users are advised to upgrade to this version or later to mitigate the risk (CVE).