Cross site scripting

2021-11-0120:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

35.3%

JSON

Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.

CPENameOperatorVersion
data_loss_prevention_endpointge11.6.0
data_loss_prevention_endpointlt11.6.400
data_loss_prevention_endpointge11.7.0
data_loss_prevention_endpointlt11.7.100

Name	Operator	Version
data_loss_prevention_endpoint	ge	11.6.0
data_loss_prevention_endpoint	lt	11.6.400
data_loss_prevention_endpoint	ge	11.7.0
data_loss_prevention_endpoint	lt	11.7.100

References

kc.mcafee.com/corporate/index?page=content&id=SB10371

0.001 Low

EPSS

Percentile

35.3%

JSON

Related for PRION:CVE-2021-31848