CVE-2017-3933 — Cross-site Scripting in Network Data Loss Prevention

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 60.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Network Data Loss Prevention

Timeline

PublishedOct 31

Latest updateMay 17

Description

Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5mcafee/network_data_loss_prevention9.3.X

▶NVDmcafee/network_data_loss_prevention5 versions+4

Patches

Patch: kc.mcafee.com ↗Patch: kc.mcafee.com ↗

🔴Vulnerability Details

GHSA

GHSA-44mv-32fh-v4ff: Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9↗2022-05-17

▶