EUVD-2022-42726

Malicious code in bioql PyPI...

CVE-2022-3339

A reflected cross-site scripting XSS vulnerability in ePO prior to 5.10 Update 14 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to...

CVE-2021-23884

Cleartext Transmission of Sensitive Information vulnerability in the ePO Extension of McAfee Content Security Reporter CSR prior to 2.8.0 allows an ePO administrator to view the unencrypted password of the McAfee Web Gateway MWG or the password of the McAfee Web Gateway Cloud Server MWGCS read on...

PT-2023-26959 · Mcafee · Epo

Name of the Vulnerable Software and Affected Versions: ePO versions prior to 5.10 SP1 Update 1 Description: A reflected cross-site scripting XSS vulnerability allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated eP...

CVE-2021-31832

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user...

Input validation

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user...

CVE-2021-31832

CVE-2021-31832 affects McAfee Data Loss Prevention Endpoint (DLP) for Windows prior to version 11.6.200, due to improper neutralization of input in the ePO administrator extension’s alert configuration text field. The vulnerability allows a remote ePO DLP administrator to inject JavaScript into t...