XSS in Trendmicro Interscan_messaging_security_virtual_appliance
CVE-2014-3922
Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteL…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.011 (78.8th percentile) — read the EPSS interpretation.
Affected products
- Trendmicro Interscan_messaging_security_virtual_appliance — versions 8.5.1.1516
- N/a — versions n/a
Weakness classification (CWE)
References
- 1030318 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- 58491 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
- cve@mitre.org (Third Party Advisory, x_refsource_MISC)
- 20140529 XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 (Zero-DAY) (mailing-list, Exploit, x_refsource_FULLDISC, Mailing List)
- 67726 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- cve@mitre.org (Exploit, x_refsource_MISC)