CVE-2020-7301

MEDIUM

Mcafee Data Loss Prevention < 11.3.28 - XSS

Title source: rule

Description

Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.

References (1)

[Vendor Advisory] https://kc.mcafee.com/corporate/index?page=content&id=SB10326

Scores

CVSS v3 4.1

EPSS 0.0044

EPSS Percentile 63.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (1)

mcafee/data_loss_prevention < 11.3.28

Timeline

Published Aug 12, 2020

Tracked Since Feb 18, 2026