CVE-2017-3933
MEDIUMMcAfee Network Data Loss Prevention 9.3.x - Authenticated Cross-Site Scripting via HTTP Headers
Title source: llmDescription
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101628
Patch, Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10198
Scores
CVSS v3
5.4
EPSS
0.0018
EPSS Percentile
39.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (6)
McAfee/Network Data Loss Prevention
9.3.X
mcafee/network_data_loss_prevention
9.3.0
mcafee/network_data_loss_prevention
9.3.1
mcafee/network_data_loss_prevention
9.3.2
mcafee/network_data_loss_prevention
9.3.3
mcafee/network_data_loss_prevention
9.3.4
Published
Oct 31, 2017
Tracked Since
Feb 18, 2026