CVE-2006-3261 — Cross-site Scripting in Micro Control Manager

3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 32.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trend Micro Control Manager

Timeline

PublishedJun 27

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDtrend_micro/control_manager3.5

🔴Vulnerability Details

GHSA

GHSA-5ch3-2r78-59w3: Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3↗2022-05-01

▶

CVEList

CVE-2006-3261: Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3↗2006-06-27

▶