Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3922

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.

Published

2014-05-30T14:55:09.677

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	trendmicro	interscan_messaging_security_virtual_appliance	8.5.1.1516	Yes

References

http://packetstormsecurity.com/files/126847/InterScan-Messaging-Security-Virtual-Appliance-8.5.1.1516-Cross-Site-Scripting.html Third Party Advisory ([email protected])
http://seclists.org/fulldisclosure/2014/May/164 Exploit, Mailing List ([email protected])
http://secunia.com/advisories/58491 Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/67726 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1030318 Third Party Advisory, VDB Entry ([email protected])
https://vimeo.com/96757096 Exploit ([email protected])
http://packetstormsecurity.com/files/126847/InterScan-Messaging-Security-Virtual-Appliance-8.5.1.1516-Cross-Site-Scripting.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2014/May/164 Exploit, Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/58491 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/67726 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1030318 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://vimeo.com/96757096 Exploit (af854a3a-2127-422b-91ae-364da2661108)