{"uuid": "9c1be0e8-c8a6-4feb-8af5-fbaede04c970", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-7318", "type": "exploited", "source": "https://t.me/CyberSecurityTechnologies/2246", "content": "#Threat_Research\nVulnerabilities in McAfee ePolicy Orchestrator (PoCs for CVE-2020-7318):\n- CSRF + SSRF + MITM = Command Execution;\n- RCE by a logged-in user as the result of a ZipSlip attack;\n- Reflected XSS.\nhttps://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/\nPoC: \n/PolicyMgmt/policyDetailsCard.do?poID=19&typeID=3&prodID=%27%22%3E%3Csvg%2fonload%3daIert(document.domain)%3E", "creation_timestamp": "2020-12-31T18:34:35.000000Z"}