CVE-2019-3638

Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link.

Published: Sep 12, 2019
Updated: May 9, 2024
CVE: CVE-2019-3638
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.6
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
mcafee / web_gateway	7.8.2	7.8.2.13
mcafee / web_gateway	8.0.0	8.2.0

https://kc.mcafee.com/corporate/index?page=content&id=SB10294

Vulnerability Database

289,599

CVE-2019-3638