CVE-2021-31848

HIGH

McAfee Data Loss Prevention Endpoint 11.6.0-11.6.400 - Stored Cross-Site Scripting in Case Management

Title source: llm
STIX 2.1

Description

Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.

References (1)

Core 1
Core References
Broken Link, Vendor Advisory x_refsource_misc
https://kc.mcafee.com/corporate/index?page=content&id=SB10371

Scores

CVSS v3 8.4
EPSS 0.0031
EPSS Percentile 54.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-79
Status published
Products (1)
mcafee/data_loss_prevention_endpoint 11.6.0 - 11.6.400
Published Nov 01, 2021
Tracked Since Feb 18, 2026