CVE-2017-3948
MEDIUMMcAfee Data Loss Prevention Endpoint 10.0.x - Authenticated Cross-Site Scripting via IMG Tag Injection
Title source: llmDescription
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10202
Scores
CVSS v3
5.4
EPSS
0.0029
EPSS Percentile
52.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (6)
McAfee/Data Loss Prevention Endpoint (DLPe)
10.0.x
mcafee/data_loss_prevention_endpoint
10.0
mcafee/data_loss_prevention_endpoint
10.0.100
mcafee/data_loss_prevention_endpoint
10.0.200
mcafee/data_loss_prevention_endpoint
10.0.230
mcafee/data_loss_prevention_endpoint
10.0.250
Published
Jun 23, 2017
Tracked Since
Feb 18, 2026