CVE-2014-3922

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.

Published: May 30, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-3922
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
trendmicro / interscan_messaging_security_virtual_appliance	8.5.1.1516	8.5.1.1516.x

http://packetstormsecurity.com/files/126847/InterScan-Messaging-Security-Virtual-Appliance-8.5.1.1516-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2014/May/164
http://secunia.com/advisories/58491
http://www.securityfocus.com/bid/67726
http://www.securitytracker.com/id/1030318
https://vimeo.com/96757096

Vulnerability Database

289,871

CVE-2014-3922