CVE-2021-31848 — Cross-site Scripting in Data Loss Prevention EPO Extension

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA8.4

EPSS

0.3%

top 45.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mcafee Data Loss Prevention EPO Extension Mcafee Data Loss Prevention Endpoint

Timeline

PublishedNov 1

Latest updateMay 24

Description

Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5mcafee/data_loss_prevention_epo_extensionunspecified — 11.7.100+1

▶NVDmcafee/data_loss_prevention_endpoint11.6.0 — 11.6.400+1

🔴Vulnerability Details

GHSA

GHSA-h28h-cmg9-rmpc: Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11↗2022-05-24

▶

CVEList

Data Loss Prevention (DLP) ePO extension - Cross site scripting (XSS)↗2021-11-01

▶