CVEs-PoC/2021/CVE-2021-31851.md

### [CVE-2021-31851](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31851)
![](https://img.shields.io/static/v1?label=Product&message=McAfee%20Policy%20Auditor&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(%E2%80%98Cross-Site%20Scripting%E2%80%99)%09&color=brightgreen)

### Description

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.

### POC

#### Reference
- https://kc.mcafee.com/corporate/index?page=content&id=SB10372

#### Github
No PoCs found on GitHub currently.