CVE-2020-8603

CWE-79Cross-site Scripting (XSS)6 documents4 sources
Severity
6.1MEDIUM
EPSS
0.4%
top 39.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Trend Micro Trend Micro Interscan WEB Security Virtual ApplianceTrendmicro Interscan WEB Security Virtual Appliance
Timeline
PublishedMay 27
Latest updateMay 24

Description

A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

Patches

Patch: success.trendmicro.comPatch: success.trendmicro.com

🔴Vulnerability Details

2
GHSA
GHSA-mfvw-r6f7-mjcf: A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 62022-05-24
CVEList
CVE-2020-8603: A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 62020-05-27

📋Vendor Advisories

3
Microsoft
Microsoft Excel Remote Code Execution Vulnerability2020-11-10
Microsoft
Microsoft Excel Remote Code Execution Vulnerability2020-11-10
Microsoft
Microsoft Excel Security Feature Bypass Vulnerability2020-11-10
CVE-2020-8603 (MEDIUM CVSS 6.1) | A cross-site scripting vulnerabilit | cvebase.io