4 matches found
CVE-2017-6340
Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that...
CVE-2017-6340
CVE-2017-6340 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 prior to CP 1746. The issue is an XSS vulnerability in rest/commonlog/report/template name due to improper sanitization, compounded by weak access controls that let authenticated remote users with low privilege...
CVE-2017-6340
creationtimestamp| type| source ---|---|--- 2017-01-12 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42013...
Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities
Exploit Title: Trend Micro Interscan Web Security Virtual Appliance IWSVA 6.5.x Multiple Vulnerabilities Date: 12/01/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: http://www.trendmicro.com/us/enterprise/network-security/interscan-web-security/virtual-appliance/ Version...