McAfee Data Loss Prevention Endpoint for Windows Multiple Local Security Vulnerabilities
McAfee Data Loss Prevention Endpoint for Windows is prone to the following security vulnerabilities.
1. A cross-site scripting vulnerability
2. An arbitrary code-execution vulnerability
An attacker may leverage these issues to execute arbitrary script code in the 'ePolicy Orchestrator' user interface of an unsuspecting user in the context of the affected application and steal cookie-based authentication credentials or execute arbitrary code within the context of the vulnerable application.
McAfee Data Loss Prevention Endpoint 11.x versions prior to 11.3.0 are vulnerable.