Lucene search

MitreCVE-2014-3922

HistoryMay 30, 2014 - 2:55 p.m.

CVE-2014-3922

2014-05-3014:55:09

CWE-79

mitre

web.nvd.nist.gov

cve-2014-3922

cross-site scripting

xss vulnerability

trend micro interscan messaging security

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

61.6%

JSON

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.

Affected configurations

Nvd

Node

trendmicrointerscan_messaging_security_virtual_applianceMatch8.5.1.1516

VendorProductVersionCPE
trendmicrointerscan_messaging_security_virtual_appliance8.5.1.1516cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:8.5.1.1516:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trendmicro	interscan_messaging_security_virtual_appliance	8.5.1.1516	cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:8.5.1.1516:::::::*

References

packetstormsecurity.com/files/126847/InterScan-Messaging-Security-Virtual-Appliance-8.5.1.1516-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/May/164

secunia.com/advisories/58491

www.securityfocus.com/bid/67726

www.securitytracker.com/id/1030318

vimeo.com/96757096

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.002

Percentile

61.6%

JSON

Related for CVE-2014-3922