Vulnerabilities > Mcafee > Intrushield Network Security Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-11-13 | CVE-2009-3566 | Cross-Site Scripting vulnerability in Mcafee Intrushield Network Security Manager 5.1.7.7/5.1.7.73 McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site scripting (XSS) vulnerability. | 4.3 |
| 2009-11-13 | CVE-2009-3565 | Cross-Site Scripting vulnerability in Mcafee Intrushield Network Security Manager 5.1.7.7/5.1.7.73 Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or (2) node parameter. | 4.3 |