CVE-2017-3948

Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.

Published: Jun 23, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-3948
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
mcafee / data_loss_prevention_endpoint	10.0.250	10.0.250.x
mcafee / data_loss_prevention_endpoint	10.0.100	10.0.100.x
mcafee / data_loss_prevention_endpoint	10.0	10.0.x
mcafee / data_loss_prevention_endpoint	10.0.230	10.0.230.x
mcafee / data_loss_prevention_endpoint	10.0.200	10.0.200.x

https://kc.mcafee.com/corporate/index?page=content&id=SB10202

Vulnerability Database

289,782

CVE-2017-3948