CVE-2017-3948

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 47.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Data Loss Prevention Endpoint (dlpe)Mcafee Data Loss Prevention Endpoint

Timeline

PublishedJun 23

Latest updateMay 17

Description

Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDmcafee/data_loss_prevention_endpoint5 versions+4

▶CVEListV5mcafee/data_loss_prevention_endpoint_(dlpe)10.0.x

Patches

Patch: kc.mcafee.com ↗Patch: kc.mcafee.com ↗

🔴Vulnerability Details

GHSA

GHSA-jhfg-pf4j-qc6v: Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10↗2022-05-17

▶

CVEList

CVE-2017-3948: Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10↗2017-06-23

▶