Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-4011 — Cross-site Scripting in Network Data Loss Prevention

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

10.9%

top 6.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mcafee Network Data Loss Prevention

Timeline

PublishedMay 17

Latest updateMay 17

Description

Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDmcafee/network_data_loss_prevention9.3.0

▶CVEListV5mcafee/network_data_loss_prevention9.3.x

🔴Vulnerability Details

GHSA

GHSA-8324-gvhf-344h: Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9↗2022-05-17

▶

💥Exploits & PoCs

Nuclei

McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting

▶