CVEs-PoC/2021/CVE-2021-31852.md

### [CVE-2021-31852](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31852)
![](https://img.shields.io/static/v1?label=Product&message=McAfee%20Policy%20Auditor&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%206.5.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%3A%20%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20(%E2%80%98Cross-Site%20Scripting%E2%80%99)%09&color=brighgreen)

### Description

A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extract of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.

### POC

#### Reference
- https://kc.mcafee.com/corporate/index?page=content&id=SB10372

#### Github
No PoCs found on GitHub currently.