CVE-2021-31832

MEDIUM

McAfee Data Loss Prevention < 11.6.200 - Stored Cross-Site Scripting in Alert Configuration Text Field

Title source: llm
STIX 2.1

Description

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.

References (1)

Core 1
Core References
Broken Link, Vendor Advisory x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10360

Scores

CVSS v3 5.2
EPSS 0.0040
EPSS Percentile 61.0%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
mcafee/data_loss_prevention < 11.6.200
Published Jun 09, 2021
Tracked Since Feb 18, 2026