Lucene search

[email protected]NVD:CVE-2014-3922

HistoryMay 30, 2014 - 2:55 p.m.

CVE-2014-3922

2014-05-3014:55:09

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

61.6%

JSON

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.

Affected configurations

Nvd

Node

trendmicrointerscan_messaging_security_virtual_applianceMatch8.5.1.1516

VendorProductVersionCPE
trendmicrointerscan_messaging_security_virtual_appliance8.5.1.1516cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:8.5.1.1516:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trendmicro	interscan_messaging_security_virtual_appliance	8.5.1.1516	cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:8.5.1.1516:::::::*

References

packetstormsecurity.com/files/126847/InterScan-Messaging-Security-Virtual-Appliance-8.5.1.1516-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/May/164

secunia.com/advisories/58491

www.securityfocus.com/bid/67726

www.securitytracker.com/id/1030318

vimeo.com/96757096

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.002

Percentile

61.6%

JSON

Related for NVD:CVE-2014-3922

prion1 cvelist1 cve1