Security Advisory

CVE-2021-31832

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-06-09 13:45:17
Last updated 2024-08-03 23:10:30
Assigner trellix
State PUBLISHED

Description

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.