CVE-2017-3933

Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.
References
Link Resource
http://www.securityfocus.com/bid/101628 Third Party Advisory VDB Entry
https://kc.mcafee.com/corporate/index?page=content&id=SB10198 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mcafee:network_data_loss_prevention:9.3.0:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:network_data_loss_prevention:9.3.1:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:network_data_loss_prevention:9.3.2:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:network_data_loss_prevention:9.3.3:*:*:*:*:*:*:*
cpe:2.3:a:mcafee:network_data_loss_prevention:9.3.4:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-10-31 14:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-3933

Mitre link : CVE-2017-3933

CVE.ORG link : CVE-2017-3933


JSON object : View

Products Affected

mcafee

  • network_data_loss_prevention
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')