CVE-2020-7303

Published Aug 13, 2020

Last updated a year ago

CVSS medium 4.1

Overview

Description: Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote user to trigger scripts to run in a user's browser via adding a new label.
Source: trellixpsirt@trellix.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.1
Impact score: 2.5
Exploitability score: 1.5
Vector string: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.3
Impact score: 2.9
Exploitability score: 4.4
Vector string: AV:A/AC:M/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79
trellixpsirt@trellix.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5549CA0D-E484-41B3-9FBF-5A9E48DB3668",
            "versionEndExcluding": "11.3.28",
            "versionStartIncluding": "11.3.0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C387BBB4-FD6A-40EB-B02A-297E45291EF1",
            "versionEndExcluding": "11.4.200",
            "versionStartIncluding": "11.4.0"
          },
          {
            "criteria": "cpe:2.3:a:mcafee:data_loss_prevention:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D292F8EF-8232-4803-A465-18C6CCBB6DEB",
            "versionEndExcluding": "11.5.3",
            "versionStartIncluding": "11.5.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References