Описание
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.
Ссылки
- Broken LinkVendor Advisory
- Broken LinkVendor Advisory
Уязвимые конфигурации
EPSS
5.2 Medium
CVSS3
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.
EPSS
5.2 Medium
CVSS3
4.8 Medium
CVSS3
3.5 Low
CVSS2