CVE-2019-3591
3.9
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| McAfee, LLC | Data Loss Prevention ePO extension | 11.x < 11.3.0 | affected |
Weaknesses
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADP Enrichment
CVE Program Container
Additional References
- https://kc.mcafee.com/corporate/index?page=content&id=SB10289
- http://www.securityfocus.com/bid/109377
References
- https://kc.mcafee.com/corporate/index?page=content&id=SB10289
- http://www.securityfocus.com/bid/109377
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.