CVE-2017-4011

MEDIUM NUCLEI

McAfee NDLP <9.3.x - XSS

Title source: llm

Description

Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request.

Nuclei Templates (1)

McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting

MEDIUMby geeknik

References (2)

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038523

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10198

Scores

CVSS v3 6.1

EPSS 0.1089

EPSS Percentile 93.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

mcafee/network_data_loss_prevention < 9.3.0

McAfee/Network Data Loss Prevention (NDLP) < 9.3.x

Published May 17, 2017

Tracked Since Feb 18, 2026