CVE-2014-3922

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.3MEDIUM

EPSS

1.1%

top 21.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Trendmicro Interscan Messaging Security Virtual Appliance

Timeline

PublishedMay 30

Latest updateJul 4

Description

Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDtrendmicro/interscan_messaging_security_virtual_appliance8.5.1.1516

🔴Vulnerability Details

GHSA

GHSA-rh6h-vr6m-q4jf: Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8↗2022-05-17

▶

CVEList

CVE-2014-3922: Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8↗2014-05-30

▶

📋Vendor Advisories

Red Hat

kernel: f2fs: fix to do sanity check on sit_bitmap_size↗2025-07-04

▶