Cross-Site Scripting in McAfee Email Gateway
CVE-2016-3969

6.1MEDIUM

Key Information:

Vendor: Mcafee
Status: Email Gateway
Vendor: CVE Published:; 6 April 2016

What is CVE-2016-3969?

The vulnerability in McAfee Email Gateway (MEG) 7.6.x versions prior to 7.6.404 is a cross-site scripting (XSS) issue that occurs when File Filtering is enabled with the action set to ESERVICES:REPLACE. This flaw allows remote attackers to exploit the system by injecting arbitrary web scripts or HTML through attachments in blocked emails. Addressing this vulnerability is crucial for maintaining the integrity and security of the email environment.

References

http://www.securitytracker.com/id/1035470

vdb-entryx_refsource_SECTRACK

https://kc.mcafee.com/corporate/index?page=content&id=SB1...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2016
Vulnerability Reserved
Apr 6, 2016

Mcafee

What is CVE-2016-3969?

References

CVSS V3.1

Timeline