← back
CVE-2020-7301

DLP ePO extension - Cross site scripting

CVSS 4.1 MEDIUMEPSS 0.5%CWE-79
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.1EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Aug 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case management section.
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Affected products
McAfee · DLP ePO extension

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10326