Severity

Medium

Analysis Summary

CVE-2021-31832

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.

Impact

• Cross-site Scripting

Affected Vendors

McAfee

Affected Products

• DLP Endpoint for Windows

Remediation

Install or update to DLP Endpoint for Windows 11.6.200
http://www.mcafee.com/us/downloads/downloads.aspx