http://www.mcafee.com/us/mcafee-labs.aspx
A user could inject code, for example:
<img src=f00bar onerror=prompt("xss");>
into the input text field of the "Search the Threat Library" form.
Changing the select box then causes the XSS vector to execute in the browser.
This "self-XSS" is a minor security issue, but it can still be used to trick other users, and it is a good way to check McAfee's security policies.
Keep in mind that this issue has been fixed.
My congratulations on the good and fast support from the McAfee security team.
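
The class of bug described above, shown next to its fix. This is an added example, not McAfee's code and not part of the original post. It assumes the select-box change handler concatenated the raw search text into markup; the function names and the "Malware" category value are hypothetical.

```javascript
// Constructed sample input: the vector quoted in the post.
const SAMPLE_INPUT = '<img src=f00bar onerror=prompt("xss");>';

// Vulnerable pattern (assumed): the change handler builds markup from the
// raw search text and the result is later assigned to innerHTML.
function renderSummaryUnsafe(searchText, category) {
  return '<p>Results for ' + searchText + ' in ' + category + '</p>';
}

// Encoder for HTML text and quoted-attribute positions.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: every untrusted value is encoded before it reaches markup.
// In a browser, assigning to element.textContent achieves the same result
// without building an HTML string at all.
function renderSummarySafe(searchText, category) {
  return '<p>Results for ' + escapeHtml(searchText) +
         ' in ' + escapeHtml(category) + '</p>';
}

// Demo-only check: does the markup contain any tag other than the <p>
// wrapper that the template itself emits?
function injectsElement(markup) {
  const tags = markup.match(/<\/?[a-zA-Z][a-zA-Z0-9]*/g) || [];
  return tags.some((t) => !/^<\/?p$/i.test(t));
}

console.log('unsafe injects element:',
  injectsElement(renderSummaryUnsafe(SAMPLE_INPUT, 'Malware')));
console.log('safe injects element:  ',
  injectsElement(renderSummarySafe(SAMPLE_INPUT, 'Malware')));
console.log(renderSummarySafe(SAMPLE_INPUT, 'Malware'));
```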