Lucene search

MitreCVE-2006-3261

HistoryJun 27, 2006 - 9:05 p.m.

CVE-2006-3261

2006-06-2721:05:00

mitre

web.nvd.nist.gov

cve-2006-3261

xss

trend micro

control manager

tmcm

web security

remote attackers

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.009

Percentile

82.5%

JSON

Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log.

Affected configurations

Nvd

Node

trend_microcontrol_managerMatch3.5

VendorProductVersionCPE
trend_microcontrol_manager3.5cpe:2.3:a:trend_micro:control_manager:3.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trend_micro	control_manager	3.5	cpe:2.3:a:trend_micro:control_manager:3.5:::::::*

References

secunia.com/advisories/20794

securityreason.com/securityalert/1159

securitytracker.com/id?1016372

www.securityfocus.com/archive/1/438158/100/0/threaded

www.securityfocus.com/bid/18619

www.vupen.com/english/advisories/2006/2526

exchange.xforce.ibmcloud.com/vulnerabilities/27388

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.009

Percentile

82.5%

JSON

Related for CVE-2006-3261