Описание
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mcafee:data_loss_prevention_endpoint:10.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:data_loss_prevention_endpoint:10.0.100:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:data_loss_prevention_endpoint:10.0.200:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:data_loss_prevention_endpoint:10.0.230:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:data_loss_prevention_endpoint:10.0.250:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00288
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
больше 3 лет назад
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.
EPSS
Процентиль: 52%
0.00288
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79