CVE-2017-3948

MEDIUM

McAfee DLP Endpoint 10.0.x - XSS

Title source: llm

Description

Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.

References (1)

[Patch, Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10202

Scores

CVSS v3 5.4

EPSS 0.0029

EPSS Percentile 52.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (6)

mcafee/data_loss_prevention_endpoint

McAfee/Data Loss Prevention Endpoint (DLPe) < 10.0.x

Published Jun 23, 2017

Tracked Since Feb 18, 2026