CVE-2021-31832 MEDIUM

CVE-2021-31832: Cross site scripting vulnerability in DLP Endpoint for Windows

Vendor Mcafee,Llc
Product McAfee Data Loss Prevention (DLP) Endpoint for Windows
Weakness CWE-79 · XSS
Published June 9, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

5.2/10
Attack vector Adjacent
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.

Key dates

02Disclosure timeline

June 9, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-35764 WordPress Church Admin plugin <= 4.4.4 - Cross Site Scripting (XSS) vulnerability CVE-2026-3142 Pinterest Site Verification plugin using Meta Tag <= 1.8 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'post_var' CVE-2021-39320 underConstruction <= 1.18 - Reflected Cross-Site Scripting CVE-2023-5597 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x CVE-2025-49298 WordPress Event post plugin <= 5.10.1 - Cross Site Scripting (XSS) Vulnerability