CVE-2021-31848

Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.
References
Configurations

Configuration 1

cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:data_loss_prevention_endpoint:*:*:*:*:*:*:*:*

Information

Published : 2021-11-01 08:15

Updated : 2021-11-03 02:52


NVD link : CVE-2021-31848

Mitre link : CVE-2021-31848

CWE