CVE-2014-3922

Exploit

EPSS 1.14%
Published 30.05.2014 14:55:09
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Trendmicro ≫ Interscan Messaging Security Virtual Appliance Version8.5.1.1516

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.14%	0.764

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://packetstormsecurity.com/files/126847/InterScan-Messaging-Security-Virtual-Appliance-8.5.1.1516-Cross-Site-Scripting.html

Third Party Advisory

http://seclists.org/fulldisclosure/2014/May/164

Exploit

Mailing List

http://secunia.com/advisories/58491

Third Party Advisory

http://www.securityfocus.com/bid/67726

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1030318

Third Party Advisory