CVE ID:	CVE-2013-4883
Description:	Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.
Test IDs:	None available
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2013-4883 Bugtraq: 20130712 Multiple vulnerabilities in McAfee ePO 4.6.6 (Google Search) http://www.securityfocus.com/archive/1/527228 http://osvdb.org/95187 http://osvdb.org/95188 http://osvdb.org/95189 http://osvdb.org/95190 http://osvdb.org/95191 http://www.securitytracker.com/id/1028803