← back
CVE-2021-31832

Cross site scripting vulnerability in DLP Endpoint for Windows

CVSS 5.2 MEDIUMEPSS 0.5%CWE-79
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
Affected products
McAfee,LLC · McAfee Data Loss Prevention (DLP) Endpoint for Windows

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://kc.mcafee.com/corporate/index?page=content&id=SB10360