CVE-2017-3948

Published: Jun 23, 2017Modified: May 13, 2026

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.

Affected (5)

Products: Mcafee: Data Loss Prevention Endpoint

Mcafee

1 product

Data Loss Prevention Endpoint

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Mcafee Data Loss Prevention Endpoint	Version 10.0.100
Mcafee Data Loss Prevention Endpoint	Version 10.0.200
Mcafee Data Loss Prevention Endpoint	Version 10.0.230
Mcafee Data Loss Prevention Endpoint	Version 10.0.250
Mcafee Data Loss Prevention Endpoint	Version 10.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://kc.mcafee.com/corporate/index?page=content&id=SB10202

Source: secure@intel.com

PatchVendor Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10202

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.