CVE-2017-4015

Medium

Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject…

intel·CWE-1021·Published 2017-05-17

CVSS

4.5

EPSS

0.01

KEV

Exploits

cve.orgen

191 chars

Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.

NVDen

191 chars

Clickjacking vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to inject arbitrary web script or HTML via HTTP response header.

Una vulnerabilidad de Secuestro de Cliqueo en el servidor en McAfee Network Data Loss Prevention (NDLP) versiones 9.3.x, permite a los usuarios autenticados remotos inyectar script web o HTML arbitrario por medio del encabezado de respuesta HTTP.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N
3.1	Primary	NVD	4.5	0.9	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N