Lucene search

MitreCVE-2015-2760

HistoryMar 27, 2015 - 2:59 p.m.

CVE-2015-2760

2015-03-2714:59:10

CWE-79

mitre

web.nvd.nist.gov

cve-2015-2760

cross-site scripting

xss

epo extension

mcafee

data loss prevention endpoint

dlp

remote authenticated users

web script

html

security vulnerability

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

30.0%

JSON

Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

mcafeedata_loss_prevention_endpointRange≤9.3.400

VendorProductVersionCPE
mcafeedata_loss_prevention_endpoint*cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mcafee	data_loss_prevention_endpoint	*	cpe:2.3:a:mcafee:data_loss_prevention_endpoint::::::::

References

www.securityfocus.com/bid/73193

kc.mcafee.com/corporate/index?page=content&id=SB10111

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

30.0%

JSON

Related for CVE-2015-2760