Cross-Site Scripting Vulnerability in McAfee Data Loss Prevention Endpoint
CVE-2015-2760

Currently unrated

Key Information:

Vendor: Mcafee
Status: Data Loss Prevention Endpoint
Vendor: CVE Published:; 27 March 2015

Summary

A cross-site scripting (XSS) vulnerability exists in the ePO extension of McAfee Data Loss Prevention Endpoint prior to the 9.3 Patch 4 Hotfix 16. This flaw allows remote authenticated users to inject arbitrary web script or HTML into the affected application, potentially compromising user data and the integrity of the application. Exploitation of this vulnerability could lead to unauthorized actions being executed in the context of the victim's session.

References

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/73193

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 27, 2015
Vulnerability Reserved
Mar 27, 2015