CVE-2014-3922

Опубликовано: 30 мая 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.

Ссылки

http://packetstormsecurity.com/files/126847/InterScan-Messaging-Security-Virtual-Appliance-8.5.1.1516-Cross-Site-Scripting.html
Third Party Advisory
http://seclists.org/fulldisclosure/2014/May/164
Exploit
Mailing List
http://secunia.com/advisories/58491
Third Party Advisory
http://www.securityfocus.com/bid/67726
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030318
Third Party Advisory
VDB Entry
https://vimeo.com/96757096
Exploit
http://packetstormsecurity.com/files/126847/InterScan-Messaging-Security-Virtual-Appliance-8.5.1.1516-Cross-Site-Scripting.html
Third Party Advisory
http://seclists.org/fulldisclosure/2014/May/164
Exploit
Mailing List
http://secunia.com/advisories/58491
Third Party Advisory
http://www.securityfocus.com/bid/67726
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1030318
Third Party Advisory
VDB Entry
https://vimeo.com/96757096
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:trendmicro:interscan_messaging_security_virtual_appliance:8.5.1.1516:*:*:*:*:*:*:*

EPSS

Процентиль: 78%

0.01137

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-rh6h-vr6m-q4jf

github

больше 3 лет назад