VYPR
Medium severity6.1NVD Advisory· Published Apr 6, 2016· Updated Jun 17, 2026

CVE-2016-3969

CVE-2016-3969

Description

Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject arbitrary web script or HTML via an attachment in a blocked email.

Affected products

6
  • cpe:2.3:a:mcafee:email_gateway:7.6:*:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:mcafee:email_gateway:7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:mcafee:email_gateway:7.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:mcafee:email_gateway:7.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:mcafee:email_gateway:7.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:mcafee:email_gateway:7.6.4:*:*:*:*:*:*:*
    • (no CPE)range: <7.6.404

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.